About the Documentation


IN THIS SECTION 


Documentation and Release Notes
Using the Examples in This Manual
Documentation Conventions
Documentation Feedback
Requesting Technical Support


Use this guide to configure and monitor Network, Services, and Special interfaces for Juniper security 
devices. 


Refer to LTE interfaces and Wi-Fi Mini-PIM interfaces on SRX300, SRX320, SRX340, SRX345, SRX550, 
and SRX550 HM devices. 


Also, understand and configure the physical, logical and VLAN interfaces, DS1 and DS3 interfaces, ADSL, 
SHDSL, and VDSL interfaces, Ethernet Interfaces, interface encapsulation, link service interfaces, 
management, discard, and loopback interfaces, and serial interfaces on SRX300, SRX320, SRX340, 
SRX345, SRX550, and SRX550 HM devices. 


Refer to Interfaces Support for SRX100, SRX110, SRX210, SRX240, SRX550, SRX650, and SRX1400
Devices section to access information on modem interfaces and 1-Port Clear Channel DS3/E3 GPIM
interfaces.


Documentation and Release Notes

To obtain the most current version of all Juniper Networks® technical documentation, see the product
documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.


If the information in the latest release notes differs from the information in the documentation, follow the 
product Release Notes. 


Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. 
These books go beyond the technical documentation to explore the nuances of network architecture, 
deployment, and administration. The current list can be viewed at https://www.juniper.net/books. 


Using the Examples in This Manual


If you want to use the examples in this manual, you can use the load merge or the load merge relative 
command. These commands cause the software to merge the incoming configuration into the current 
candidate configuration. The example does not become active until you commit the candidate configuration. 


If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example 
is a full example. In this case, use the load merge command. 


If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In 
this case, use the load merge relative command. These procedures are described in the following sections. 


Merging a Full Example 


To merge a full example, follow these steps: 


1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save the 
file with a name, and copy the file to a directory on your routing platform. 


For example, copy the following configuration to a file and name the file ex-script.conf. Copy the 
ex-script.conf file to the /var/tmp directory on your routing platform. 


system {
    scripts {
        commit {
            file ex-script.xsl;
        }
    }
}
interfaces {
    fxp0 {
        disable;
        unit 0 {
            family inet {
                address 10.0.0.1/24;
            }
        }
    }
}


2. Merge the contents of the file into your routing platform configuration by issuing the load merge 
configuration mode command: 

[edit]
user@host# load merge /var/tmp/ex-script.conf 
load complete 


Merging a Snippet 


To merge a snippet, follow these steps: 


1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the 
file with a name, and copy the file to a directory on your routing platform. 


For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the 
ex-script-snippet.conf file to the /var/tmp directory on your routing platform. 


commit {
    file ex-script-snippet.xsl;
}


2. Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode
command:

[edit]
user@host# edit system scripts
[edit system scripts]


3. Merge the contents of the file into your routing platform configuration by issuing the load merge 
relative configuration mode command: 


[edit system scripts] 
user@host# load merge relative /var/tmp/ex-script-snippet.conf 
load complete 


For more information about the load command, see CLI Explorer. 


Documentation Conventions 


Table 1 on page xxiv defines notice icons used in this guide. 


Table 1: Notice Icons

Meaning              Description
Informational note   Indicates important features or instructions.
Caution              Indicates a situation that might result in loss of data or hardware damage.
Warning              Alerts you to the risk of personal injury or death.
Laser warning        Alerts you to the risk of personal injury from a laser.
Tip                  Indicates helpful information.
Best practice        Alerts you to a recommended use or implementation.


Table 2 on page xxiv defines the text and syntax conventions used in this guide. 


Table 2: Text and Syntax Conventions

Convention: Bold text like this
Description: Represents text that you type.
Examples: To enter configuration mode, type the configure command:
    user@host> configure

Convention: Fixed-width text like this
Description: Represents output that appears on the terminal screen.
Examples:
    user@host> show chassis alarms
    No alarms currently active

Convention: Italic text like this
Description:
• Introduces or emphasizes important new terms.
• Identifies guide names.
• Identifies RFC and Internet draft titles.
Examples:
• A policy term is a named structure that defines match conditions and actions.
• Junos OS CLI User Guide
• RFC 1997, BGP Communities Attribute

Convention: Italic text like this
Description: Represents variables (options for which you substitute a value) in commands or
configuration statements.
Examples: Configure the machine’s domain name:
    [edit]
    root@# set system domain-name domain-name

Convention: Text like this
Description: Represents names of configuration statements, commands, files, and directories;
configuration hierarchy levels; or labels on routing platform components.
Examples:
• To configure a stub area, include the stub statement at the [edit protocols ospf area area-id]
hierarchy level.
• The console port is labeled CONSOLE.

Convention: < > (angle brackets)
Description: Encloses optional keywords or variables.
Examples:
    stub <default-metric metric>;

Convention: | (pipe symbol)
Description: Indicates a choice between the mutually exclusive keywords or variables on either side
of the symbol. The set of choices is often enclosed in parentheses for clarity.
Examples:
    broadcast | multicast
    (string1 | string2 | string3)

Convention: # (pound sign)
Description: Indicates a comment specified on the same line as the configuration statement to which
it applies.
Examples:
    rsvp { # Required for dynamic MPLS only

Convention: [ ] (square brackets)
Description: Encloses a variable for which you can substitute one or more values.
Examples:
    community name members [ community-ids ]

Convention: Indention and braces ( { } )
Description: Identifies a level in the configuration hierarchy.

Convention: ; (semicolon)
Description: Identifies a leaf statement at a configuration hierarchy level.
Examples (indention, braces, and semicolon):
    [edit]
    routing-options {
        static {
            route default {
                nexthop address;
                retain;
            }
        }
    }

GUI Conventions

Convention: Bold text like this
Description: Represents graphical user interface (GUI) items you click or select.
Examples:
• In the Logical Interfaces box, select All Interfaces.
• To cancel the configuration, click Cancel.

Convention: > (bold right angle bracket)
Description: Separates levels in a hierarchy of menu selections.
Examples: In the configuration editor hierarchy, select Protocols>Ospf.


Documentation Feedback

We encourage you to provide feedback so that we can improve our documentation. You can use either
of the following methods:

• Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper
Networks TechLibrary site, and do one of the following:

  • Click the thumbs-up icon if the information on the page was helpful to you.

  • Click the thumbs-down icon if the information on the page was not helpful to you or if you have
  suggestions for improvement, and use the pop-up form to provide feedback.

• E-mail—Send your comments to techpubs-comments@juniper.net. Include the document or topic name,
URL or page number, and software version (if applicable).


Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).
If you are a customer with an active Juniper Care or Partner Support Services support contract, or are
covered under warranty, and need post-sales technical support, you can access our tools and resources
online or open a case with JTAC.

• JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User
Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.

• Product warranties—For product warranty information, visit https://www.juniper.net/support/warranty/.

• JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week,
365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called
the Customer Support Center (CSC) that provides you with the following features:

• Find CSC offerings: https://www.juniper.net/customers/support/

• Search for known bugs: https://prsearch.juniper.net/

• Find product documentation: https://www.juniper.net/documentation/

• Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/

• Download the latest versions of software and review release notes:
https://www.juniper.net/customers/csc/software/

• Search technical bulletins for relevant hardware and software notifications:
https://kb.juniper.net/InfoCenter/

• Join and participate in the Juniper Networks Community Forum:
https://www.juniper.net/company/communities/

• Create a service request online: https://myjuniper.juniper.net

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:
https://entitlementsearch.juniper.net/entitlementsearch/

Creating a Service Request with JTAC

You can create a service request with JTAC on the Web or by telephone.

• Visit https://myjuniper.juniper.net.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, see
https://support.juniper.net/support/requesting-support/.

Introduction to Interfaces

IN THIS SECTION

Understanding Interfaces
Network Interfaces
Services Interfaces
Special Interfaces
Interface Naming Conventions
Understanding the Data Link Layer


Junos OS supports different types of interfaces on which the devices function. The following topics
describe the types of interfaces used on security devices, their naming conventions, and how to monitor
the interfaces.


Understanding Interfaces 


Interfaces act as a doorway through which traffic enters and exits a device. Juniper Networks devices 
support a variety of interface types: 


• Network interfaces—Networking interfaces primarily provide traffic connectivity.
• Services interfaces—Services interfaces manipulate traffic before it is delivered to its destination.
• Special interfaces—Special interfaces include management interfaces, the loopback interface, and the
discard interface.


Each type of interface uses a particular medium to transmit data. The physical wires and Data Link Layer 
protocols used by a medium determine how traffic is sent. To configure and monitor interfaces, you need 
to understand their media characteristics, as well as physical and logical properties such as IP addressing, 
link-layer protocols, and link encapsulation. 


NOTE: Most interfaces are configurable, but some internally generated interfaces are not 
configurable. 

Network Interfaces


All Juniper Networks devices use network interfaces to make physical connections to other devices. A 
connection takes place along media-specific physical wires through an I/O card (IOC) in the SRX Series 
Services Gateway. Networking interfaces primarily provide traffic connectivity. 


You must configure each network interface before it can operate on the device. Configuring an interface 
can define both the physical properties of the link and the logical properties of a logical interface on the 
link. 


Table 3 on page 30 describes network interfaces that are available on SRX Series devices. 


Table 3: Network Interfaces

Interface Name   Description
ae      Aggregated Ethernet interface. See “Understanding Aggregated Ethernet Interfaces” on page 222.
at      ATM-over-ADSL or ATM-over-SHDSL WAN interface.
cl      Physical interface for the 3G wireless modem or LTE Mini-PIM. See “Understanding the 3G Wireless Modem Physical Interface” on page 500 and LTE Mini-PIM Overview. Starting with Junos OS Release 15.1X49-D100, SRX320, SRX340, SRX345, and SRX550HM devices support the LTE interface. The dialer interface is used for initiating wireless WAN connections over LTE networks.
dl      Dialer interface for initiating USB modem or wireless WAN connections. See “USB Modem Interface Overview” on page 515 and LTE Mini-PIM Overview.
e1      E1 (also called DS1) WAN interface. See “Understanding T1 and E1 Interfaces” on page 69.
e3      E3 (also called DS3) WAN interface. See “Understanding T3 and E3 Interfaces” on page 78.
fe      Fast Ethernet interface. See “Understanding Ethernet Interfaces” on page 203.
ge      Gigabit Ethernet interface. See “Understanding Ethernet Interfaces” on page 203.
pt      VDSL2 interface. See Example: Configuring VDSL2 Interfaces (Detail).
reth    For chassis cluster configurations only, redundant Ethernet interface. See “Understanding Ethernet Interfaces” on page 203.
se      Serial interface (either RS-232, RS-422/499, RS-530, V.35, or X.21). See “Serial Interfaces Overview” on page 547.
t1      T1 (also called DS1) WAN interface. See “Understanding T1 and E1 Interfaces” on page 69.
t3      T3 (also called DS3) WAN interface. See “Understanding T3 and E3 Interfaces” on page 78.
wx      WXC Integrated Services Module (ISM 200) interface for WAN acceleration. See the WXC Integrated Services Module Installation and Configuration.
xe      10-Gigabit Ethernet interface. See “Understanding the 2-Port 10-Gigabit Ethernet XPIM” on page 262.


NOTE: The affected interfaces are these: ATM-over-ADSL or ATM-over-SHDSL (at) interface, 
dialer interface (dl), E1 (also called DS1) WAN interface, E3 (also called DS3) WAN interface, 
VDSL2 interface (pt), serial interface (se), T1 (also called DS1) WAN interface, T3 (also called 
DS3) WAN interface. However, starting from Junos OS Release 15.1X49-D40 and onwards, 
SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices support VDSL2 (pt), serial 
(se), T1 (t1), and E1 (e1) interfaces.


Services Interfaces

Services interfaces provide specific capabilities for manipulating traffic before it is delivered to its destination.

On Juniper Networks M Series and T Series routing platforms, individual services such as IP-over-IP
encapsulation, link services such as multilink protocols, adaptive services such as stateful firewall filters
and NAT, and sampling and logging capabilities are implemented by services Physical Interface Cards (PICs).
On SRX Series devices, services processing is handled by the Services Processing Card (SPC).

Although the same Junos OS image supports the services features across all routing platforms, on SRX
Series devices, services interfaces are not associated with a physical interface. To configure services on
these devices, you configure one or more internal interfaces by specifying slot 0, interface carrier 0, and
port 0—for example, gr-0/0/0 for GRE.


Table 4 on page 32 describes services interfaces that you can configure on SRX Series Services Gateways. 

Table 4: Configurable Services Interfaces

Interface Name: gr-0/0/0
Description:
    Configurable generic routing encapsulation (GRE) interface. GRE allows the encapsulation
    of one routing protocol inside another routing protocol.

    Packets are routed to this internal interface, where they are first encapsulated with a GRE
    packet and then sent.

    You can create multiple instances of this interface for forwarding encapsulated data to
    multiple destination addresses by using the default interface as the parent and creating
    extensions, for example, gr-0/0/0.1, gr-0/0/0.2, and so on.

    The GRE interface is an internal interface only and is not associated with a physical interface.
    It is used only for processing GRE traffic. See the Junos OS Services Interfaces Library for
    Routing Devices for information about tunnel services.

Interface Name: ip-0/0/0
Description:
    Configurable IP-over-IP encapsulation (IP-IP tunnel) interface. IP tunneling allows the
    encapsulation of one IP packet inside another IP packet.

    With IP routing, you can route IP packets directly to a particular address or route the IP
    packets to an internal interface where they are encapsulated inside an IP-IP tunnel and
    forwarded to the encapsulating packet's destination address.

    You can create multiple instances of this interface for forwarding IP-IP tunnel data to multiple
    destination addresses by using the default interface as the parent and creating extensions,
    for example, ip-0/0/0.1, ip-0/0/0.2, and so on.

    The IP-IP interface is an internal interface only and is not associated with a physical interface.
    It is used only for processing IP-IP tunnel traffic. See the Junos OS Services Interfaces Library
    for Routing Devices for information about tunnel services.

Interface Name: lsq-0/0/0
Description:
    Configurable link services queuing interface. Link services include the multilink services
    MLPPP, MLFR, and Compressed Real-Time Transport Protocol (CRTP).

    Packets are routed to this internal interface for link bundling or compression. The link services
    interface is an internal interface only and is not associated with a physical interface. You
    must configure the interface for it to perform multilink services.

    NOTE: The ls-0/0/0 interface has been deprecated. All multiclass multilink features supported
    by ls-0/0/0 are now supported by lsq-0/0/0.

Interface Name: lt-0/0/0
Description:
    Configurable logical tunnel interface that interconnects logical systems on SRX Series devices.
    See the Logical Systems and Tenant Systems User Guide for Security Devices.

Interface Name: pp0
Description:
    Configurable PPPoE encapsulation interface. PPP packets being routed in an Ethernet network
    use PPPoE encapsulation.

    Packets are routed to this internal interface for PPPoE encapsulation. The PPPoE
    encapsulation interface is an internal interface only and is not associated with a physical
    interface. You must configure the interface for it to forward PPPoE traffic.

    See “Understanding Point-to-Point Protocol over Ethernet” on page 343.

Interface Name: ppd0
Description:
    Protocol Independent Multicast (PIM) de-encapsulation interface. In PIM sparse mode, the
    first-hop routing platform encapsulates packets destined for the rendezvous point device.
    The packets are encapsulated with a unicast header and are forwarded through a unicast
    tunnel to the rendezvous point. The rendezvous point then de-encapsulates the packets and
    transmits them through its multicast tree.

    Within a device, packets are routed to this internal interface for de-encapsulation. The PIM
    de-encapsulation interface is an internal interface only and is not associated with a physical
    interface. You must configure PIM with the [edit protocol pim] hierarchy to perform PIM
    de-encapsulation.

    Use the show pim interfaces command to check the status of ppd0 interface.

Interface Name: ppe0
Description:
    Protocol Independent Multicast (PIM) encapsulation interface. In PIM sparse mode, the
    first-hop routing platform encapsulates packets destined for the rendezvous point device.
    The packets are encapsulated with a unicast header and are forwarded through a unicast
    tunnel to the rendezvous point. The rendezvous point then de-encapsulates the packets and
    transmits them through its multicast tree.

    Within a device, packets are routed to this internal interface for encapsulation. The PIM
    encapsulation interface is an internal interface only and is not associated with a physical
    interface. You must configure PIM with the [edit protocol pim] hierarchy to perform PIM
    encapsulation.

Interface Name: st0
Description:
    Secure tunnel interface used for IPSec VPNs. See the IPsec VPN User Guide for Security Devices.

Interface Name: umd0
Description:
    Configurable USB modem physical interface. This interface is detected when a USB modem
    is connected to the USB port on the device.

    See “USB Modem Configuration Overview” on page 518.


Table 5 on page 34 describes non-configurable services interfaces for SRX Series Services Gateways. 


Table 5: Non-Configurable Services Interfaces

Interface Name: gre
Description:
    Internally generated Generic Routing Encapsulation (GRE) interface created by Junos OS to
    handle GRE traffic. It is not a configurable interface.

Interface Name: ipip
Description:
    Internally generated IP-over-IP interface created by Junos OS to handle IP tunnel traffic. It
    is not a configurable interface.

Interface Name: lsi
Description:
    Internally generated link services interface created by Junos OS to handle multilink services
    like MLPPP, MLFR, and CRTP. It is not a configurable interface.

Interface Name: pc-pim/0/0
Description:
    Internally configured interface used by the system as a control path between the WXC
    Integrated Services Module and the Routing Engine. It is not a configurable interface. See
    the WX and WXC Series.

Interface Name: pimd
Description:
    Internally generated Protocol Independent Multicast (PIM) de-encapsulation interface created
    by Junos OS to handle PIM de-encapsulation. It is not a configurable interface.

Interface Name: pime
Description:
    Internally generated Protocol Independent Multicast (PIM) encapsulation interface created
    by Junos OS to handle PIM encapsulation. It is not a configurable interface.

Interface Name: tap
Description:
    Internally generated interface created by Junos OS to monitor and record traffic during
    passive monitoring. Packets discarded by the Packet Forwarding Engine are placed on this
    interface. It is not a configurable interface.


Special Interfaces

Special interfaces include management interfaces, which are primarily intended for accessing the device
remotely, the loopback interface, which has several uses depending on the particular Junos OS feature
being configured, and the discard interface.


Table 6 on page 34 describes special interfaces for SRX Series Services Gateways. 


Table 6: Special Interfaces

Interface Name   Description
fxp0, fxp1       On SRX Series devices, the fxp0 management interface is a dedicated port located on the Routing Engine.
lo0              Loopback address. The loopback address has several uses, depending on the particular Junos feature being configured.
dsc              Discard interface.


Interface Naming Conventions

Each device interface has a unique name that follows a naming convention. If you are familiar with Juniper
Networks M Series and T Series routing platforms, be aware that device interface names are similar to but
not identical to the interface names on those routing platforms.

The unique name of each network interface identifies its type and location and indicates whether it is a
physical interface or an optional logical unit created on a physical interface.

• The name of each network interface has the following format to identify the physical device that
corresponds to a single physical network connector:

type-slot/pim-or-ioc/port

• Network interfaces that are fractionalized into time slots include a channel number in the name, preceded
by a colon (:):

type-slot/pim-or-ioc/port:channel

• Each logical interface has an additional logical unit identifier, preceded by a period (.):

type-slot/pim-or-ioc/port:<channel>.unit


The parts of an interface name are summarized in Table 7 on page 35. 


Table 7: Network Interface Names

Name Part: type
Meaning: Type of network medium that can connect to this interface.
Possible Values:
    ae, at, e1, e3, fe, fxp0, fxp1, ge, lo0, lsq, lt, pp0, pt, st0, t1, t3, xe, and so on.

Name Part: slot
Meaning: Number of the chassis slot in which a PIM or IOC is installed.
Possible Values:
    SRX5600 and SRX5800 devices: The slot number begins at 0 and increases as follows from left to
    right, bottom to top:
    • SRX5600 device—Slots 0 to 5
    • SRX5800 device—Slots 0 to 5, 7 to 11

    SRX3400 and SRX3600 devices: The Switch Fabric Board (SFB) is always 0. Slot numbers increase as
    follows from top to bottom, left to right:
    • SRX3400 device—Slots 0 to 4
    • SRX3600 device—Slots 0 to 6
    • SRX4600 device—Slots 0 to 6

Name Part: pim-or-ioc
Meaning: Number of the PIM or IOC on which the physical interface is located.
Possible Values:
    SRX5600 and SRX5800 devices: For 40-port Gigabit Ethernet IOCs or 4-port 10-Gigabit Ethernet IOCs,
    this number can be 0, 1, 2, or 3.

    SRX3400, SRX3600, and SRX 4600 devices: This number is always 0. Only one IOC can be installed in
    a slot.

Name Part: port
Meaning: Number of the port on a PIM or IOC on which the physical interface is located.
Possible Values:
    On SRX5600 and SRX5800 devices:
    • For 40-port Gigabit Ethernet IOCs, this number begins at 0 and increases from left to right to a
      maximum of 9.
    • For 4-port 10-Gigabit Ethernet IOCs, this number is always 0.

    On SRX3400, SRX3600, and SRX 4600 devices:
    • For the SFB built-in copper Gigabit Ethernet ports, this number begins at 0 and increases from top
      to bottom, left to right, to a maximum of 7. For the SFB built-in fiber Gigabit Ethernet ports,
      this number begins at 8 and increases from left to right to a maximum of 11.
    • For 16-port Gigabit Ethernet IOCs, this number begins at 0 to a maximum of 15.
    • For 2-port 10-Gigabit Ethernet IOCs, this number is 0 or 1.

    Port numbers appear on the PIM or IOC faceplate.

Name Part: channel
Meaning: Number of the channel (time slot) on a fractional or channelized T1 or E1 interface.
Possible Values:
    • On an E1 interface, a value from 1 through 31. The 1 time slot is reserved.
    • On a T1 interface, a value from 1 through 24.

Name Part: unit
Meaning: Number of the logical interface created on a physical interface.
Possible Values:
    A value from 0 through 16384.

    If no logical interface number is specified, unit 0 is the default, but must be explicitly
    configured.

    In addition to user-configured interfaces, there are some logical interfaces that are created
    dynamically. Hence, for Junos OS, the maximum limit for configuring logical interfaces is 2,642,143
    (user configured and dynamically created). Based on performance, for each platform, the maximum
    number of logical interfaces supported can vary.


NOTE: Platform support depends on the Junos OS release in your installation. 
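
The naming format and the Table 7 ranges can be enforced in code before an interface name from an inventory file, ticket, or API request is templated into configuration. The following Python is an added example, not Juniper code: the function and class names are hypothetical, slot, PIM/IOC, and port values are left unchecked because their ranges are platform-specific, and accepting names without a location part (such as lo0.0) and rejecting a channel on any type other than t1 or e1 are assumptions drawn from the values the table lists.

```python
import re
from typing import NamedTuple, Optional

UNIT_MAX = 16384                                # Table 7: unit is 0 through 16384
CHANNEL_RANGE = {"e1": (1, 31), "t1": (1, 24)}  # Table 7: time slots per type

# Explicit [0-9] rather than \d: in Python 3, \d also matches non-ASCII digits.
_NUM = r"(?:0|[1-9][0-9]*)"                     # decimal, no leading zeros

# type-slot/pim-or-ioc/port[:channel][.unit]
_LOCATED = re.compile(
    rf"(?P<type>[a-z]+[0-9]?)-(?P<slot>{_NUM})/(?P<pim>{_NUM})/(?P<port>{_NUM})"
    rf"(?::(?P<channel>{_NUM}))?(?:\.(?P<unit>{_NUM}))?"
)
# Names written without a slot/pim/port part, such as fxp0, lo0 or st0
# (assumption of this example: an optional ".unit" may follow).
_UNLOCATED = re.compile(rf"(?P<type>[a-z]+{_NUM})(?:\.(?P<unit>{_NUM}))?")


class InterfaceName(NamedTuple):
    type: str
    slot: Optional[int]
    pim_or_ioc: Optional[int]
    port: Optional[int]
    channel: Optional[int]
    unit: Optional[int]

    @property
    def is_logical(self) -> bool:
        """True when the name carries a logical unit (".unit")."""
        return self.unit is not None


def _to_int(text: Optional[str]) -> Optional[int]:
    return None if text is None else int(text)


def parse_interface_name(name: str) -> InterfaceName:
    """Parse and range-check a name; raise ValueError on anything else."""
    # fullmatch, not match() with "$": "$" would accept a trailing newline,
    # which matters when the name is later pasted into a configuration line.
    m = _LOCATED.fullmatch(name) or _UNLOCATED.fullmatch(name)
    if m is None:
        raise ValueError(f"not an interface name: {name!r}")
    g = m.groupdict()
    iface = InterfaceName(
        type=g["type"],
        slot=_to_int(g.get("slot")),
        pim_or_ioc=_to_int(g.get("pim")),
        port=_to_int(g.get("port")),
        channel=_to_int(g.get("channel")),
        unit=_to_int(g.get("unit")),
    )
    if iface.channel is not None:
        if iface.type not in CHANNEL_RANGE:
            raise ValueError(f"channel given on non-T1/E1 type {iface.type!r}")
        low, high = CHANNEL_RANGE[iface.type]
        if not low <= iface.channel <= high:
            raise ValueError(f"{iface.type} channel must be {low}..{high}")
    if iface.unit is not None and iface.unit > UNIT_MAX:
        raise ValueError(f"unit must be 0..{UNIT_MAX}")
    return iface


def is_valid_interface_name(name: str) -> bool:
    """Boolean wrapper for use as an input filter."""
    try:
        parse_interface_name(name)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any device.
    for sample in ["ge-0/0/1.0", "t1-1/0/0:24.5", "lo0.0",
                   "t1-1/0/0:25", "ge-0/0/0.16385", "ge-0/0/0\n"]:
        print(repr(sample), is_valid_interface_name(sample))
```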


Understanding the Data Link Layer

IN THIS SECTION

Physical Addressing
Network Topology
Error Notification
Frame Sequencing
Flow Control
Data Link Sublayers
MAC Addressing

The Data Link Layer is Layer 2 in the Open Systems Interconnection (OSI) model. The Data Link Layer is
responsible for transmitting data across a physical network link. Each physical medium has link-layer
specifications for network and link-layer protocol characteristics such as physical addressing, network
topology, error notification, frame sequencing, and flow control.


Physical Addressing 


Physical addressing is different from network addressing. Network addresses differentiate between nodes 
or devices in a network, allowing traffic to be routed or switched through the network. In contrast, physical 
addressing identifies devices at the link-layer level, differentiating between individual devices on the same 
physical medium. The primary form of physical addressing is the media access control (MAC) address. 


Network Topology 


Network topology specifications identify how devices are linked in a network. Some media allow devices 
to be connected by a bus topology, while others require a ring topology. The bus topology is used by 
Ethernet technologies, which are supported on Juniper Networks devices. 


Error Notification 


The Data Link Layer provides error notifications that alert higher layer protocols that an error has occurred 
on the physical link. Examples of link-level errors include the loss of a signal, the loss of a clocking signal 
across serial connections, or the loss of the remote endpoint on a T1 or T3 link. 


Frame Sequencing 


The frame sequencing capabilities of the Data Link Layer allow frames that are transmitted out of sequence 
to be reordered on the receiving end of a transmission. The integrity of the packet can then be verified 
by means of the bits in the Layer 2 header, which is transmitted along with the data payload. 


Flow Control 


Flow control within the Data Link Layer allows receiving devices on a link to detect congestion and notify 
their upstream and downstream neighbors. The neighbor devices relay the congestion information to their 
higher layer protocols so that the flow of traffic can be altered or rerouted. 


Data Link Sublayers 


The Data Link Layer is divided into two sublayers: logical link control (LLC) and media access control (MAC). 
The LLC sublayer manages communications between devices over a single link of a network. This sublayer 
supports fields in link-layer frames that enable multiple higher layer protocols to share a single physical 
link. 


The MAC sublayer governs protocol access to the physical network medium. Through the MAC addresses 
that are typically assigned to all ports on a device, multiple devices on the same physical link can uniquely 
identify one another at the Data Link Layer. MAC addresses are used in addition to the network addresses 
that are typically configured manually on ports within a network. 

MAC Addressing


A MAC address is the serial number permanently stored in a device adapter to uniquely identify the device. 
MAC addresses operate at the Data Link Layer, while IP addresses operate at the Network Layer. The IP 
address of a device can change as the device is moved around a network to different IP subnets, but the 
MAC address remains the same, because it is physically tied to the device. 


Within an IP network, devices match each MAC address to its corresponding configured IP address by 
means of the Address Resolution Protocol (ARP). ARP maintains a table with a mapping for each MAC 
address in the network. 


Most Layer 2 networks use one of three primary numbering spaces—MAC-48, EUI-48 (extended unique
identifier), and EUI-64—which are all globally unique. MAC-48 and EUI-48 spaces each use 48-bit addresses,
and EUI-64 spaces use 64-bit addresses, but all three use the same numbering format. MAC-48 addresses
identify network hardware, and EUI-48 addresses identify other devices and software.


The Ethernet and ATM technologies supported on devices use the MAC-48 address space. IPv6 uses the 
EUI-64 address space. 


MAC-48 addresses are the most commonly used MAC addresses in most networks. These addresses are 
12-digit hexadecimal numbers (48 bits in length) that typically appear in one of the following formats: 


• MM:MM:MM:SS:SS:SS 
• MM-MM-MM-SS-SS-SS 


The first three octets (MM:MM:MM or MM-MM-MM) are the ID number of the hardware manufacturer. 
Manufacturer ID numbers are assigned by the Institute of Electrical and Electronics Engineers (IEEE). The 
last three octets (SS:SS:SS or SS-SS-SS) make up the serial number for the device, which is assigned by the 
manufacturer. For example, an Ethernet interface card might have a MAC address of 00:05:85:c1:a6:a0. 


Release History Table 

Release         Description 
15.1X49-D100    Starting with Junos OS Release 15.1X49-D100, SRX320, SRX340, SRX345, and SRX550HM devices 
                support the LTE interface. The dialer interface is used for initiating wireless WAN 
                connections over LTE networks. 


Physical Interface Properties 


IN THIS SECTION 


• Understanding Interface Physical Properties 
• Understanding Bit Error Rate Testing 
• Understanding Interface Clocking 
• Understanding Frame Check Sequences 
• MTU Default and Maximum Values 
• Understanding Jumbo Frames Support for Ethernet Interfaces 


The physical interfaces on security devices affect the transmission of either link-layer signals or the data 
across the links. The topics below describe the physical properties, which include clocking properties, 
transmission properties, such as the maximum transmission unit (MTU), and encapsulation methods, such 
as point-to-point and Frame Relay encapsulation. SRX Series devices also support jumbo frames. 


Understanding Interface Physical Properties 


The physical properties of a network interface are the characteristics associated with the physical link that 
affect the transmission of either link-layer signals or the data across the links. Physical properties include 
clocking properties, transmission properties, such as the maximum transmission unit (MTU), and 
encapsulation methods, such as point-to-point and Frame Relay encapsulation. 


The default property values for an interface are usually sufficient to successfully enable a bidirectional 
link. However, if you configure a set of physical properties on an interface, those same properties must 
be set on all adjacent interfaces to which a direct connection is made. 


Table 8 on page 40 summarizes some key physical properties of device interfaces. 
Table 8: Interface Physical Properties 

Physical Property    Description 

bert-error-rate      Bit error rate (BER). The error rate specifies the number of bit errors in a particular 
                     bit error rate test (BERT) period required to generate a BERT error condition. See 
                     “Understanding Bit Error Rate Testing” on page 42. 

bert-period          Bit error rate test (BERT) time period over which bit errors are sampled. See 
                     “Understanding Bit Error Rate Testing” on page 42. 

chap                 Challenge Handshake Authentication Protocol (CHAP). Specifying chap enables CHAP 
                     authentication on the interface. See “Understanding CHAP Authentication on a PPPoE 
                     Interface” on page 361. 

clocking             Clock source for the link. Clocking can be provided by the local system (internal) or a 
                     remote endpoint on the link (external). By default, all interfaces use the internal 
                     clocking mode. If an interface is configured to accept an external clock source, one 
                     adjacent interface must be configured to act as a clock source. Under this configuration, 
                     the interface operates in a loop timing mode, in which the clocking signal is unique for 
                     that individual network segment or loop. See “Understanding Interface Clocking” on 
                     page 43. 

description          A user-defined text description of the interface, often used to describe the interface's 
                     purpose. 

disable              Administratively disables the interface. 

encapsulation        Type of encapsulation on the interface. Common encapsulation types include PPP, Frame 
                     Relay, Cisco HDLC, and PPP over Ethernet (PPPoE). See “Understanding Physical 
                     Encapsulation on an Interface” on page 312. 

fcs                  Frame check sequence (FCS). FCS is an error-detection scheme that appends parity bits to 
                     a digital signal and uses decoding algorithms that detect errors in the received digital 
                     signal. 

mtu                  Maximum transmission unit (MTU) size. MTU is the largest size packet or frame, specified 
                     in bytes or octets, that can be sent in a packet-based or frame-based network. TCP uses 
                     MTU to determine the maximum size of each packet in any transmission. 

                     You can adjust the MTU values at the physical interfaces by using the following command: 

                     set interfaces interface-name mtu mtu-value 

                     Sometimes the MTU values on interfaces must be reduced to match the host tap interface 
                     MTU; otherwise, packets are dropped. You can adjust the MTU values by setting the mtu 
                     option of the set interfaces [fxp0 | em0 | fab0 | fab1] command to a value between 256 
                     and 9192. 

                     Example: 

                     user@host# set interfaces em0 mtu 1400 

                     The supported range for configuring an MTU packet size is 256 through 9192 bytes. 
                     However, not all interfaces support 9192 bytes. For more information on the supported 
                     interfaces, see “MTU Default and Maximum Values” on page 45. 

no-keepalives        Disabling of keepalive messages across a physical link. A keepalive message is sent 
                     between network devices to indicate that they are still active. Keepalives help determine 
                     whether the interface is operating correctly. Except for ATM-over-ADSL interfaces, all 
                     interfaces use keepalives by default. 

pap                  Password Authentication Protocol (PAP). Specifying pap enables PAP authentication on the 
                     interface. See “Understanding CHAP Authentication on a PPPoE Interface” on page 361. 

payload-scrambler    Scrambling of traffic transmitted out the interface. Payload scrambling randomizes the 
                     data payload of transmitted packets. Scrambling eliminates nonvariable bit patterns 
                     (strings of all 1s or all 0s) that generate link-layer errors across some physical links. 

Understanding Bit Error Rate Testing 


In telecommunication transmission, the bit error rate (BER) is the percentage of bits that have errors 
compared to the total number of bits received in a transmission, usually expressed as 10 to a negative 
power. For example, a transmission with a BER of 10^-6 received 1 errored bit in 1,000,000 bits transmitted. 
The BER indicates how often a packet or other data unit must be retransmitted because of an error. If the 
BER is too high, a slower data rate might improve the overall transmission time for a given amount of data 
if it reduces the BER and thereby lowers the number of resent packets. 


A bit error rate test (BERT) is a procedure or device that measures the BER for a given transmission. You 
can configure a device to act as a BERT device by configuring the interface with a bit error rate and a 
testing period. When the interface receives a BERT request from a BER tester, it generates a response in 
a well-known BERT pattern. The initiating device checks the BERT-patterned response to determine the 
number of bit errors. 


Understanding Interface Clocking 


IN THIS SECTION 


• Data Stream Clocking 
• Explicit Clocking Signal Transmission 


Clocking determines how individual routing nodes or entire networks sample transmitted data. As streams 
of information are received by a device in a network, a clock source specifies when to sample the data. In 
asynchronous networks, the clock source is derived locally, and synchronous networks use a central, 
external clock source. Interface clocking indicates whether the device uses asynchronous or synchronous 
clocking. 


NOTE: Because truly synchronous networks are difficult to design and maintain, most 
synchronous networks are really plesiochronous networks. In a plesiochronous network, different 
timing regions are controlled by local clocks that are synchronized (with very narrow constraints). 
Such networks approach synchronicity and are generally known as synchronous networks. 


Most networks are designed to operate as asynchronous networks. Each device generates its own clock 
signal, or devices use clocks from more than one clock source. The clocks within the network are not 
synchronized to a single clock source. By default, devices generate their own clock signals to send and 
receive traffic. 


The system clock allows the device to sample (or detect) and transmit data being received and transmitted 
through its interfaces. Clocking enables the device to detect and transmit the 0s and 1s that make up 
digital traffic through the interface. Failure to detect the bits within a data flow results in dropped traffic. 


Short-term fluctuations in the clock signal are known as clock jitter. Long-term variations in the signal are 
known as clock wander. 


Asynchronous clocking can either derive the clock signal from the data stream or transmit the clocking 
signal explicitly. 


This topic contains the following sections: 


Data Stream Clocking 


Common in T1 links, data stream clocking occurs when separate clock signals are not transmitted within 
the network. Instead, devices must extract the clock signal from the data stream. As bits are transmitted 
across the network, each bit has a time slot of 648 nanoseconds. Within a time slot, pulses are transmitted 
with alternating voltage peaks and drops. The receiving device uses the period of alternating voltages to 
determine the clock rate for the data stream. 


Explicit Clocking Signal Transmission 


Clock signals that are shared by hosts across a data link must be transmitted by one or both endpoints on 
the link. In a serial connection, for example, one host operates as a clock master and the other operates 
as a clock slave. The clock master internally generates a clock signal that is transmitted across the data 
link. The clock slave receives the clock signal and uses its period to determine when to sample data and 
how to transmit data across the link. 


This type of clock signal controls only the connection on which it is active and is not visible to the rest of 
the network. An explicit clock signal does not control how other devices or even other interfaces on the 
same device sample or transmit data. 


Understanding Frame Check Sequences 


IN THIS SECTION 


• Cyclic Redundancy Checks and Checksums 
• Two-Dimensional Parity 


All packets or frames within a network can be damaged by crosstalk or interference in the network's 
physical wires. The frame check sequence (FCS) is an extra field in each transmitted frame that can be 
analyzed to determine if errors have occurred. The FCS uses cyclic redundancy checks (CRCs), checksums, 
and two-dimensional parity bits to detect errors in the transmitted frames. 


This topic contains the following sections: 


Cyclic Redundancy Checks and Checksums 


On a link that uses CRCs for frame checking, the data source uses a predefined polynomial algorithm to 
calculate a CRC number from the data it is transmitting. The result is included in the FCS field of the frame 
and transmitted with the data. On the receiving end, the destination host performs the same calculation 
on the data it receives. 


If the result of the second calculation matches the contents of the FCS field, the packet was sent and 
received without bit errors. If the values do not match, an FCS error is generated, the frame is discarded, 
and the originating host is notified of the error. 


Checksums function similarly to CRCs, but use a different algorithm. 


Two-Dimensional Parity 


On a link that uses two-dimensional parity bits for frame checking, the sending and receiving hosts examine 
each frame in the total packet transmission and create a parity byte that is evaluated to detect transmission 
errors. 


For example, a host can create the parity byte for the following frame sequence by summing up each 
column (each bit position in the frame) and keeping only the least-significant bit: 


Frame 1        0 1 0 1 0 0 1 
Frame 2        1 1 0 1 0 0 1 
Frame 3        1 0 1 1 1 1 0 
Frame 4        0 0 0 1 1 1 0 
Frame 5        0 1 1 0 1 0 0 
Frame 6        1 0 1 1 1 1 1 
Parity Byte    1 1 1 1 0 1 1 





If the sum of the bit values in a bit position is even, the parity bit for the position is 0. If the sum is odd, 
the parity bit is 1. This method is called even parity. Matching parity bytes on the originating and receiving 
hosts indicate that the packet was received without error. 
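

The following Python example is added here and is not part of the Juniper documentation. It computes the even-parity byte for six constructed 7-bit frames, repeats the check on the receiving side, and shows a failure mode of column parity: two flipped bits in the same bit position leave the parity byte unchanged, while a CRC over the same data still changes. The function names are hypothetical, and zlib's CRC-32 is an assumption standing in for the link's predefined polynomial.

```python
import zlib

# Constructed sample input: six 7-bit frames, written as bit strings.
FRAMES = ["0101001", "1101001", "1011110", "0001110", "0110100", "1011111"]


def parity_byte(frames):
    """Even parity per bit position: sum each column, keep the least-significant bit."""
    width = len(frames[0])
    for f in frames:
        if len(f) != width or set(f) - {"0", "1"}:
            raise ValueError(f"malformed frame: {f!r}")
    return "".join(str(sum(int(f[i]) for f in frames) % 2) for i in range(width))


def flip(frames, row, col):
    """Return a copy of frames with one bit inverted (simulated line noise)."""
    out = list(frames)
    bit = "1" if out[row][col] == "0" else "0"
    out[row] = out[row][:col] + bit + out[row][col + 1:]
    return out


def crc_fcs(frames):
    """CRC-32 over the packed bits (assumption: zlib's polynomial, not a specific link's)."""
    bits = "".join(frames)
    data = int(bits, 2).to_bytes((len(bits) + 7) // 8, "big")
    return zlib.crc32(data)


def receiver_check(received, sent_parity, sent_crc):
    """Recompute both checks on the received data and compare with the sender's values."""
    return {
        "parity_ok": parity_byte(received) == sent_parity,
        "crc_ok": crc_fcs(received) == sent_crc,
    }


if __name__ == "__main__":
    parity, crc = parity_byte(FRAMES), crc_fcs(FRAMES)
    cases = [
        ("clean", FRAMES),
        ("one flipped bit", flip(FRAMES, 2, 4)),
        # Two errors in the same column cancel out in the column sum.
        ("two flipped bits, same column", flip(flip(FRAMES, 0, 3), 5, 3)),
    ]
    for label, received in cases:
        print(label, receiver_check(received, parity, crc))
```

Neither check is keyed, so both detect accidental corruption on the link and nothing more.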


MTU Default and Maximum Values 


The MTU values listed are the defaults, which apply when no MTU is configured. If the MTU value is set, 
then the formula IFF MTU (IP MTU) = IFD MTU (Media MTU) - L2 Overhead is applicable. See Table 9 on 
page 46 for default MTU values. 


NOTE: For ATM MLPPP irrespective of UIFD MTU, the IP MTU is always 1500 because the IP 
MTU calculation is based on the LSQ interface. Even if you configure the LSQ family MTU, the 
IP MTU value cannot exceed 1504. 


Table 9 on page 46 lists MTU values for the SRX Series Services Gateways Physical Interface Modules (PIMs). 


Table 9: MTU Values for the SRX Series Services Gateways PIMs 

PIM                                                                 Default Media MTU (Bytes)  Maximum MTU (Bytes)  Default IP MTU (Bytes) 

1-Port Gigabit Ethernet Small Form-Factor Pluggable (SFP) Mini-PIM  1514                       9010                 1500 
1-Port Small Form-Factor Pluggable (SFP) Mini-PIM                   1514                       1518                 1500 
DOCSIS Mini-PIM                                                     1504                       1504                 1500 
Serial Mini-PIM                                                     1504                       2000                 1500 
T1/E1 Mini-PIM                                                      1504                       2000                 1500 
Dual CT1/E1 GPIM                                                    1504                       9000                 1500 
Quad CT1/E1 GPIM                                                    1504                       9000                 1500 
2-Port 10-Gigabit Ethernet XPIM                                     1514                       9192                 1500 
16-Port Gigabit Ethernet XPIM                                       1514                       9192                 1500 
24-Port Gigabit Ethernet XPIM                                       1514                       9192                 1500 

ADSL2+ Mini-PIM (Encapsulation) 
  atm-snap                                                          1512                       1512                 1504 
  atm-vcmux                                                         1512                       1512                 1512 
  atm-nlpid                                                         1512                       1512                 1508 
  atm-cisco-nlpid                                                   1512                       1512                 1510 
  ether-over-atm-llc                                                1512                       1512                 1488 
  atm-ppp-llc                                                       1512                       1512                 1506 
  atm-ppp-vcmux                                                     1512                       1512                 1510 
  atm-mlppp-llc                                                     1512                       1512                 1500 
  ppp-over-ether-over-atm-llc                                       1512                       1512                 1480 

VDSL- Mini-PIM AT mode (Encapsulation) 
  atm-snap                                                          1514                       1514                 1506 
  atm-vcmux                                                         1514                       1514                 1514 
  atm-nlpid                                                         1514                       1514                 1510 
  atm-cisco-nlpid                                                   1514                       1514                 1512 
  ether-over-atm-llc                                                1514                       1524                 1490 
  atm-ppp-llc                                                       1514                       1514                 1508 
  atm-ppp-vcmux                                                     1514                       1514                 1512 
  atm-mlppp-llc                                                     1514                       1514                 1500 
  ppp-over-ether-over-atm-llc                                       1514                       1514                 1482 

VDSL- Mini-PIM PT mode                                              1514                       1514                 1500 

G.SHDSL Mini-PIM AT mode (Encapsulation) 
  atm-snap                                                          4482                       4482                 4470 
  atm-vcmux                                                         4482                       4482                 4470 
  atm-nlpid                                                         4482                       4482                 4470 
  atm-cisco-nlpid                                                   4482                       4482                 4470 
  ether-over-atm-llc                                                4482                       4482                 1500 
  atm-ppp-llc                                                       4482                       4482                 4476 
  atm-ppp-vcmux                                                     4482                       4482                 4480 
  atm-mlppp-llc                                                     4482                       4482                 1500 
  ppp-over-ether-over-atm-llc                                       4482                       4482                 1492 

G.SHDSL Mini-PIM PT mode                                            1514                       1514                 1500 


Understanding Jumbo Frames Support for Ethernet Interfaces 


SRX Series devices support jumbo frames up to 9192 bytes. 


Jumbo frames are Ethernet frames with more than 1500 bytes of payload (maximum transmission unit 
[MTU]). Jumbo frames can carry up to 9000 bytes of payload. 


You configure jumbo frames at the physical interface by using the following command: 
set interfaces interface-name mtu mtu-value 


Example: 


user@host# set interfaces ge-0/0/0 mtu 9192 


The supported range for configuring an MTU packet size is 256 through 9192 bytes. However, not all 
interfaces support 9192 bytes. For more information on the supported interfaces, see “MTU Default and 
Maximum Values” on page 45. 


Logical Interface Properties 


IN THIS SECTION 


• Understanding Interface Logical Properties 
• Understanding Protocol Families 


The logical interfaces can be configured on the security devices and the description is displayed in the 
output of the show commands. The logical properties of the security devices include protocol families, IP 
address or addresses associated with the interface, Virtual LAN (VLAN) tagging, and any firewall filters or 
routing policies. 


Understanding Interface Logical Properties 


The logical properties of an interface are the characteristics that do not apply to the physical interface or 
the wires connected to it. Logical properties include: 


• Protocol families running on the interface (including any protocol-specific MTUs) 

• IP address or addresses associated with the interface. A logical interface can be configured with an IPv6 
  address, IPv4 address, or both. The IP specification requires a unique address on every interface of each 
  system attached to an IP network, so that traffic can be correctly routed. Individual hosts such as home 
  computers must have a single IP address assigned. Devices must have a unique IP address for every 
  interface. 

• Virtual LAN (VLAN) tagging 

• Any firewall filters or routing policies that are operating on the interface 


SEE ALSO 

Understanding Virtual LANs 


Understanding Protocol Families 


IN THIS SECTION 


• Common Protocol Suites 
• Other Protocol Suites 


A protocol family is a group of logical properties within an interface configuration. Protocol families include 
all the protocols that make up a protocol suite. To use a protocol within a particular suite, you must configure 
the entire protocol family as a logical property for an interface. The protocol families include common and 
not-so-common protocol suites. 


This topic contains the following sections: 


Common Protocol Suites 


Junos OS protocol families include the following common protocol suites: 


• Inet—Supports IP protocol traffic, including OSPF, BGP, and Internet Control Message Protocol (ICMP). 
• Inet6—Supports IPv6 protocol traffic, including RIP for IPv6 (RIPng), IS-IS, and BGP. 
• ISO—Supports IS-IS traffic. 
• MPLS—Supports MPLS. 


NOTE: Junos OS security features are flow-based—meaning the device sets up a flow to examine 
the traffic. Flow-based processing is not supported for ISO or MPLS protocol families. 


Other Protocol Suites 


In addition to the common protocol suites, Junos protocol families sometimes use the following protocol 
suites: 


• ccc—Circuit cross-connect (CCC). 
• mlfr-uni-nni—Multilink Frame Relay (MLFR) FRF.16 user-to-network network-to-network (UNI NNI). 
• mlfr-end-to-end—Multilink Frame Relay end-to-end. 
• mlppp—Multilink Point-to-Point Protocol. 
• tcc—Translational cross-connect (TCC). 
• tnp—Trivial Network Protocol. This Juniper Networks proprietary protocol provides communication 
  between the Routing Engine and the device's packet forwarding components. Junos OS automatically 
  configures this protocol family on the device's internal interfaces only. 


Understanding IPv4 and IPv6 Protocol Family 


IN THIS SECTION 


• Understanding IPv4 Addressing 
• Understanding IPv6 Address Space, Addressing, Address Format, and Address Types 
• Configuring the inet6 IPv6 Protocol Family 


IPv4 addresses are 32-bit numbers that are typically displayed in dotted decimal notation and contain 
two primary parts: the network prefix and the host number. The topics below describe IPv4 classful 
addressing, IPv4 dotted decimal notation, IPv4 subnetting, IPv4 variable-length subnet masks, IP version 6, 
the IPv6 address types and how Junos OS for SRX Series Services Gateway uses them, and configuration 
of the inet6 IPv6 protocol family. 


Understanding IPv4 Addressing 


IN THIS SECTION 


• IPv4 Classful Addressing 
• IPv4 Dotted Decimal Notation 
• IPv4 Subnetting 
• IPv4 Variable-Length Subnet Masks 


IPv4 addresses are 32-bit numbers that are typically displayed in dotted decimal notation. A 32-bit address 
contains two primary parts: the network prefix and the host number. 


All hosts within a single network share the same network address. Each host also has an address that 
uniquely identifies it. Depending on the scope of the network and the type of device, the address is either 
globally or locally unique. Devices that are visible to users outside the network (webservers, for example) 
must have a globally unique IP address. Devices that are visible only within the network must have locally 
unique IP addresses. 


IP addresses are assigned by a central numbering authority called the Internet Assigned Numbers Authority 
(IANA). IANA ensures that addresses are globally unique where needed and has a large address space 
reserved for use by devices not visible outside their own networks. 


This topic contains the following sections: 


IPv4 Classful Addressing 


To provide flexibility in the number of addresses distributed to networks of different sizes, 4-octet (32-bit) 
IP addresses were originally divided into three different categories or classes: class A, class B, and class C. 
Each address class specifies a different number of bits for its network prefix and host number: 


• Class A addresses use only the first byte (octet) to specify the network prefix, leaving 3 bytes to define 
  individual host numbers. 

• Class B addresses use the first 2 bytes to specify the network prefix, leaving 2 bytes to define host 
  addresses. 

• Class C addresses use the first 3 bytes to specify the network prefix, leaving only the last byte to identify 
  hosts. 


In binary format, with an x representing each bit in the host number, the three address classes can be 
represented as follows: 


00000000 xxxxxxxx xxxxxxxx xxxxxxxx (Class A) 
00000000 00000000 xxxxxxxx xxxxxxxx (Class B) 
00000000 00000000 00000000 xxxxxxxx (Class C) 


Because each bit (x) in a host number can have a 0 or 1 value, each represents a power of 2. For example, 
if only 3 bits are available for specifying the host number, only the following host numbers are possible: 


111 110 101 100 011 010 001 000 


In each IP address class, 2 raised to the power of the number of host-number bits indicates how many 
host numbers can be created for a particular network prefix. Class A addresses have 2^24 (or 16,777,216) 
possible host numbers, class B addresses have 2^16 (or 65,536) host numbers, and class C addresses have 
2^8 (or 256) possible host numbers. 


IPv4 Dotted Decimal Notation 


The 32-bit IPv4 addresses are most often expressed in dotted decimal notation, in which each octet (or 
byte) is treated as a separate number. Within an octet, the rightmost bit represents 2^0 (or 1), increasing to 
the left until the first bit in the octet is 2^7 (or 128). Following are IP addresses in binary format and their 
dotted decimal equivalents: 


11010000 01100010 11000000 10101010 = 208.98.192.170 
01110110 00001111 11110000 01010101 = 118.15.240.85 
00110011 11001100 00111100 00111011 = 51.204.60.59 


IPv4 Subnetting 


Because of the physical and architectural limitations on the size of networks, you often must break large 
networks into smaller subnetworks. Within a network, each wire or ring requires its own network number 
and identifying subnet address. 


Figure 1 on page 54 shows two subnets in a network. 


Figure 1: Subnets in a Network 


Figure 1 on page 54 shows three devices connected to one subnet and three more devices connected to 
a second subnet. Collectively, the six devices and two subnets make up the larger network. In this example, 
the network is assigned the network prefix 192.14.0.0, a class C address. Each device has an IP address 
that falls within this network prefix. 


In addition to sharing a network prefix (the first two octets), the devices on each subnet share a third octet. 
The third octet identifies the subnet. All devices on a subnet must have the same subnet address. In this 
case, the alpha subnet has the IP address 192.14.126.0 and the beta subnet has the IP address 192.14.17.0. 


The subnet address 192.14.17.0 can be represented as follows in binary notation: 


11000000 . 00001110 . 00010001 . xxxxxxxx 


Because the first 24 bits in the 32-bit address identify the subnet, the last 8 bits are not significant. To 
indicate the subnet, the address is written as 192.14.17.0/24 (or just 192.14.17/24). The /24 is the subnet 
mask (sometimes shown as 255.255.255.0). 


IPv4 Variable-Length Subnet Masks 


Traditionally, subnets were divided by address class. Subnets had either 8, 16, or 24 significant bits, 
corresponding to 2^24, 2^16, or 2^8 possible hosts. As a result, an entire /16 subnet had to be allocated for a 
network that required only 400 addresses, wasting 65,136 (2^16 - 400 = 65,136) addresses. 


To help allocate address spaces more efficiently, variable-length subnet masks (VLSMs) were introduced. 
Using VLSM, network architects can allocate more precisely the number of addresses required for a 
particular subnet. 


For example, suppose a network with the prefix 192.14.17/24 is divided into two smaller subnets, one 
consisting of 18 devices and the other of 46 devices. 


To accommodate 18 devices, the first subnet must have 2^5 (32) host numbers. Having 5 bits assigned to 
the host number leaves 27 bits of the 32-bit address for the subnet. The IP address of the first subnet is 
therefore 192.14.17.128/27, or the following in binary notation: 


11000000 . 00001110 . 00010001 . 100xxxxx 


The subnet mask includes 27 significant digits. 


To create the second subnet of 46 devices, the network must accommodate 2^6 (64) host numbers. The IP 
address of the second subnet is 192.14.17.64/26, or 


11000000 . 00001110 . 00010001 . 01xxxxxx 


By assigning address bits within the larger /24 subnet mask, you create two smaller subnets that use the 
allocated address space more efficiently. 
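

The following Python example is added here and is not part of the Juniper documentation. It derives the prefix length from a required number of host numbers, checks the two subnets from the text for containment in 192.14.17.0/24 and for overlap, and generalizes to a largest-first VLSM allocator. The function names and the subnet labels are hypothetical; like the text, the count includes every host number in the block (network and broadcast addresses are not set aside).

```python
import ipaddress

PARENT = "192.14.17.0/24"
# The two subnets given in the text above.
PAGE_PLAN = ["192.14.17.128/27", "192.14.17.64/26"]


def prefix_for_hosts(host_numbers):
    """Longest IPv4 prefix whose block still holds `host_numbers` host numbers."""
    if host_numbers < 1:
        raise ValueError("at least one host number is required")
    host_bits = max(1, (host_numbers - 1).bit_length())
    if host_bits > 32:
        raise ValueError("does not fit in an IPv4 address")
    return 32 - host_bits


def check_plan(parent, subnets):
    """Return a list of problems: bad prefixes, subnets outside parent, overlaps."""
    parent_net = ipaddress.ip_network(parent)
    problems, nets = [], []
    for text in subnets:
        try:
            net = ipaddress.ip_network(text)  # strict: rejects host bits set
        except ValueError as err:
            problems.append(f"{text}: {err}")
            continue
        if not net.subnet_of(parent_net):
            problems.append(f"{net} is outside {parent_net}")
        nets.append(net)
    for i, first in enumerate(nets):
        for second in nets[i + 1:]:
            if first.overlaps(second):
                problems.append(f"{first} overlaps {second}")
    return problems


def allocate(parent, demands):
    """Largest-first VLSM allocation. demands maps a label to a host-number count."""
    free = [ipaddress.ip_network(parent)]
    plan = {}
    for label, count in sorted(demands.items(), key=lambda kv: -kv[1]):
        wanted = prefix_for_hosts(count)
        fits = [n for n in free if n.prefixlen <= wanted]
        if not fits:
            raise ValueError(f"no room left for {label}")
        # Use the smallest free block that fits, lowest address first.
        block = max(fits, key=lambda n: (n.prefixlen, -int(n.network_address)))
        free.remove(block)
        while block.prefixlen < wanted:
            low, high = block.subnets(prefixlen_diff=1)
            free.append(high)  # the unused half stays available
            block = low
        plan[label] = block
    return plan


if __name__ == "__main__":
    print("page plan problems:", check_plan(PARENT, PAGE_PLAN))
    print("allocated:", allocate(PARENT, {"subnet-18": 18, "subnet-46": 46}))
    print("400 addresses need a /%d" % prefix_for_hosts(400))
```

Running the overlap check before filters or policies are written against the subnets catches a plan in which one prefix silently covers part of another.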


Understanding IPv6 Address Space, Addressing, Address Format, and Address Types 


Understanding IP Version 6 (IPv6) 


The ongoing expansive growth of the Internet and the need to provide IP addresses to accommodate it—to 
support increasing numbers of new users, computer networks, Internet-enabled devices, and new and 
improved applications for collaboration and communication—is escalating the emergent use of a new IP 
protocol. IPv6, with its robust architecture, was designed to satisfy these current and anticipated near 
future requirements. 


IP version 4 (IPv4) is widely used throughout the world today for the Internet, intranets, and private 
networks. IPv6 builds upon the functionality and structure of IPv4 in the following ways: 


• Provides a simplified and enhanced packet header to allow for more efficient routing. 
• Improves support for mobile phones and other mobile computing devices. 
• Enforces increased, mandatory data security through IPsec (which was originally designed for it). 
• Provides more extensive quality-of-service (QoS) support. 


IPv6 addresses consist of 128 bits, instead of 32 bits, and include a scope field that identifies the type of 
application suitable for the address. IPv6 does not support broadcast addresses, but instead uses multicast 
addresses for broadcast. In addition, IPv6 defines a new type of address called anycast. 


Understanding IPv6 Address Types and How Junos OS for SRX Series Services Gateway Uses Them 


IP version 6 (IPv6) includes the following types of addresses: 


• Unicast 

  A unicast address specifies an identifier for a single interface to which packets are delivered. Under IPv6, 
  the vast majority of Internet traffic is foreseen to be unicast, and it is for this reason that the largest 
  assigned block of the IPv6 address space is dedicated to unicast addressing. Unicast addresses include 
  all addresses other than loopback, multicast, link-local-unicast, and unspecified. 

  For SRX Series devices, the flow module supports the following kinds of IPv6 unicast packets: 

  - Pass-through unicast traffic, including traffic from and to virtual routers. The device transmits 
    pass-through traffic according to its routing table. 

  - Host-inbound traffic from and to devices directly connected to SRX Series interfaces. For example, 
    host-inbound traffic includes logging, routing protocol, and management types of traffic. The flow 
    module sends these unicast packets to the Routing Engine and receives them from it. Traffic is processed 
    by the Routing Engine instead of by the flow module, based on routing protocols defined for the 
    Routing Engine. 

  The flow module supports all routing and management protocols that run on the Routing Engine. Some 
  examples are OSPFv3, RIPng, TELNET, and SSH. 

• Multicast 

  A multicast address specifies an identifier for a set of interfaces that typically belong to different nodes. 
  It is identified by a value of 0xFF. IPv6 multicast addresses are distinguished from unicast addresses by 
  the value of the high-order octet of the addresses. 

  The devices support only host-inbound and host-outbound multicast traffic. Host inbound traffic includes 
  logging, routing protocols, management traffic, and so on. 

• Anycast 

  An anycast address specifies an identifier for a set of interfaces that typically belong to different nodes. 
  A packet with an anycast address is delivered to the nearest node, according to routing protocol rules. 

  There is no difference between anycast addresses and unicast addresses except for the subnet-router 
  address. For an anycast subnet-router address, the low order bits, typically 64 or more, are zero. Anycast 
  addresses are taken from the unicast address space. 

  The flow module treats anycast packets in the same way as it handles unicast packets. If an anycast 
  packet is intended for the device, it is treated as host-inbound traffic, and it delivers it to the protocol 
  stack which continues processing it. 


IPv6 Address Scope 


Unicast and multicast IPv6 addresses support address scoping, which identifies the application suitable 
for the address. 


Unicast addresses support global address scope and two types of local address scope: 


• Link-local unicast addresses—Used only on a single network link. The first 10 bits of the prefix identify 
  the address as a link-local address. Link-local addresses cannot be used outside the link. 

• Site-local unicast addresses—Used only within a site or intranet. A site consists of multiple network links. 
  Site-local addresses identify nodes inside the intranet and cannot be used outside the site. 


Multicast addresses support 16 different types of address scope, including node, link, site, organization, 
and global scope. A 4-bit field in the prefix identifies the address scope. 


IPv6 Address Structure 


Unicast addresses identify a single interface. Each unicast address consists of n bits for the prefix, and 
128 - n bits for the interface ID. 


Multicast addresses identify a set of interfaces. Each multicast address consists of the first 8 bits of all 1s, 
a 4-bit flags field, a 4-bit scope field, and a 112-bit group ID: 


| 11111111 (8 bits) | flags (4 bits) | scope (4 bits) | group ID (112 bits) | 


The first octet of 1s identifies the address as a multicast address. The flags field identifies whether the 
multicast address is a well-known address or a transient multicast address. The scope field identifies the 
scope of the multicast address. The 112-bit group ID identifies the multicast group. 


Similar to multicast addresses, anycast addresses identify a set of interfaces. However, packets are sent 
to only one of the interfaces, not to all interfaces. Anycast addresses are allocated from the normal unicast 
address space and cannot be distinguished from a unicast address in format. Therefore, each member of 
an anycast group must be configured to recognize certain addresses as anycast addresses. 
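

The field layout and scopes described above can be decoded directly from the 128-bit value. The following Python sketch is an added example, not part of the Juniper documentation; the function names are hypothetical, the scope names and the meaning of the low-order flag bit follow RFC 4291, and the sample addresses are constructed.

```python
import ipaddress

# Multicast scope values defined in RFC 4291 (the 4-bit scope field).
MCAST_SCOPES = {
    0x1: "interface-local",
    0x2: "link-local",
    0x4: "admin-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}


def decode_multicast(text):
    """Split a multicast address into flags, scope and the 112-bit group ID."""
    value = int(ipaddress.IPv6Address(text))
    if value >> 120 != 0xFF:              # the first octet must be all 1s
        raise ValueError(f"{text} is not a multicast address")
    flags = (value >> 116) & 0xF
    scope = (value >> 112) & 0xF
    return {
        "flags": flags,
        "transient": bool(flags & 0x1),   # low flag bit: 0 well-known, 1 transient
        "scope": scope,
        "scope_name": MCAST_SCOPES.get(scope, "reserved/unassigned"),
        "group_id": value & ((1 << 112) - 1),
    }


def classify(text):
    """Return the address type and scope for one IPv6 address."""
    value = int(ipaddress.IPv6Address(text))
    if value >> 120 == 0xFF:
        return "multicast/" + decode_multicast(text)["scope_name"]
    if value >> 118 == 0x3FA:             # first 10 bits 1111111010 (fe80::/10)
        return "unicast/link-local"
    if value >> 118 == 0x3FB:             # first 10 bits 1111111011 (fec0::/10)
        return "unicast/site-local"
    # Simplification: everything else is reported as global scope; special
    # ranges such as loopback are not separated out in this sketch.
    return "unicast/global"


def is_subnet_router_anycast(text, prefix):
    """True when all bits after the prefix are zero, i.e. the address equals the prefix."""
    network = ipaddress.IPv6Network(prefix, strict=True)
    return ipaddress.IPv6Address(text) == network.network_address


if __name__ == "__main__":
    for sample in ("ff02::1", "ff15::abcd", "fe80::1", "fec0::1",
                   "10FA:6604:8136:6502::1"):
        print(f"{sample:28} {classify(sample)}")
    print(is_subnet_router_anycast("10FA:6604:8136:6502::",
                                   "10FA:6604:8136:6502::/64"))
```

Because an anycast address has the same format as a unicast address, only the subnet-router case can be recognized from the bits alone; any other anycast address has to be known from configuration.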


Understanding IPv6 Address Space, Addressing, and Address Types 


Addressing is the area where most of the differences between IP version 4 (IPv4) and IPv6 exist, but the 
changes are largely about the ways in which addresses are implemented and used. IPv6 has a vastly larger 
address space than the IPv4 address space, which is nearing exhaustion. IPv6 increases the size of the IP address 
from the 32 bits that compose an IPv4 address to 128 bits. Each extra bit given to an address doubles the 
size of the address space. 


IPv4 has been extended using techniques such as Network Address Translation (NAT), which allows for 
ranges of private addresses to be represented by a single public address, and temporary address assignment. 
Although useful, these techniques fall short of the requirements of novel applications and environments 
such as emerging wireless technologies, always-on environments, and Internet-based consumer appliances. 


In addition to the increased address space, IPv6 addresses differ from IPv4 addresses in the following 
ways: 


• Includes a scope field that identifies the type of application that the address pertains to 
• Does not support broadcast addresses, but instead uses multicast addresses to broadcast a packet 
• Defines a new type of address, called anycast 


Understanding IPv6 Address Format 


All IPv6 addresses are 128 bits long, written as 8 sections of 16 bits each. They are expressed in hexadecimal 
representation, so the sections range from 0 to FFFF. Sections are delimited by colons, and leading zeroes 
in each section may be omitted. If two or more consecutive sections have all zeroes, they can be collapsed 
to a double colon. 


IPv6 addresses consist of 8 groups of 16-bit hexadecimal values separated by colons (:). IPv6 addresses 
have the following format: 


aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa 


Each aaaa is a 16-bit hexadecimal value, and each a is a 4-bit hexadecimal value. Following is a sample 
IPv6 address: 


3FFE:0000:0000:0001:0200:F8FF:FE75:50DF 


You can omit the leading zeros of each 16-bit group, as follows: 


3FFE:0:0:1:200:F8FF:FE75:50DF 


You can compress 16-bit groups of zeros to double colons (::) as shown in the following example, but only 
once per address: 


3FFE::1:200:F8FF:FE75:50DF 








An IPv6 address prefix is a combination of an IPv6 prefix (address) and a prefix length. The prefix takes 
the form ipv6-prefix/prefix-length and represents a block of address space (or a network). The ipv6-prefix 
variable follows general IPv6 addressing rules. The prefix-length variable is a decimal value that indicates 
the number of contiguous, higher-order bits of the address that make up the network portion of the 
address. For example, 10FA:6604:8136:6502::/64 is a possible IPv6 prefix with zeros compressed. The 
site prefix of the IPv6 address 10FA:6604:8136:6502::/64 is contained in the leftmost 64 
bits, 10FA:6604:8136:6502. 


For more information on the text representation of IPv6 addresses and address prefixes, see RFC 4291, 
IP Version 6 Addressing Architecture. 


Limitations 


SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices have the following limitations: 


• Changes in source AS and destination AS are not immediately reflected in exported flows. 


• IPv6 traffic transiting over IPv4 based IP over IP tunnel (for example, IPv6-over-IPv4 using ip-x/x/x 
interface) is not supported. 


SEE ALSO 


About the IPv6 Basic Packet Header 


Understanding IPv6 Packet Header Extensions 


Configuring the inet6 IPv6 Protocol Family 


In configuration commands, the protocol family for IPv6 is named inet6. In the configuration hierarchy, 
instances of inet6 are parallel to instances of inet, the protocol family for IPv4. In general, you configure 
inet6 settings and specify IPv6 addresses in parallel to inet settings and IPv4 addresses. 


NOTE: On SRX Series devices, on configuring identical IPs on a single interface, you will not see 
a warning message; instead, you will see a syslog message. 


The following example shows the CLI commands you use to configure an IPv6 address for an interface: 


[edit] 
user@host# show interfaces 
ge-0/0/0 { 
    unit 0 { 
        family inet { 
            address 10.100.37.178/24; 
        } 
    } 
} 


[edit] 
user@host# set interfaces ge-0/0/0 unit 0 family ? 
Possible completions: 
+ apply-groups          Groups from which to inherit configuration data 
+ apply-groups-except   Don't inherit configuration data from these groups 
> ccc                   Circuit cross-connect parameters 
> ethernet-switching    Ethernet switching parameters 
> inet                  IPv4 parameters 
> inet6                 IPv6 protocol parameters 
> iso                   OSI ISO protocol parameters 
> mpls                  MPLS protocol parameters 
> tcc                   Translational cross-connect parameters 
> vpls                  Virtual private LAN service parameters 


[edit] 
user@host# set interfaces ge-0/0/0 unit 0 family inet6 address 8d8d:8d01::1/64 
user@host# show interfaces 
ge-0/0/0 { 
    unit 0 { 
        family inet { 
            address 10.100.37.178/24; 
        } 
        family inet6 { 
            address 8d8d:8d01::1/64; 
        } 
    } 
} 


SEE ALSO 


Enabling Flow-Based Processing for IPv6 Traffic 


Configuring VLAN Tagging 


IN THIS SECTION 


• Understanding Virtual LANs 
• VLAN IDs and Ethernet Interface Types Supported on the SRX Series Devices 
• Configuring VLAN Tagging 


Virtual LANs (VLANs) allow network architects to segment LANs into different broadcast domains based 
on logical groupings. The topic below describes the configuration of these tagged VLANs, VLAN IDs, and 
supported Ethernet interface types on SRX series devices. 


Understanding Virtual LANs 


A LAN is a single broadcast domain. When traffic is broadcast, all hosts within the LAN receive the broadcast 
traffic. A LAN is determined by the physical connectivity of devices within the domain. 


Within a traditional LAN, hosts are connected by a hub or repeater that propagates any incoming traffic 
throughout the network. Each host and its connecting hubs or repeaters make up a LAN segment. LAN 
segments are connected through switches and bridges to form the broadcast domain of the LAN. 
Figure 2 on page 62 shows a typical LAN topology. 


Figure 2: Typical LAN 


Virtual LANs (VLANs) allow network architects to segment LANs into different broadcast domains based 
on logical groupings. Because the groupings are logical, the broadcast domains are not determined by the 
physical connectivity of the devices in the network. Hosts can be grouped according to a logical function, 
to limit the traffic broadcast within the VLAN to only the devices for which the traffic is intended. 


Suppose a corporate network has three major organizations: engineering, sales, and support. Using VLAN 
tagging, hosts within each organization can be tagged with a different VLAN identifier. Traffic sent to the 
broadcast domain is then checked against the VLAN identifier and broadcast to only the devices in the 
appropriate VLAN. Figure 3 on page 62 shows a typical VLAN topology. 


Figure 3: Typical VLAN 


SEE ALSO 


MPLS Applications User Guide 


VLAN IDs and Ethernet Interface Types Supported on the SRX Series Devices 


Table 10 on page 63 lists VLAN ID range by interface type supported on SRX Series devices: 


Table 10: VLAN ID Range by Interface Type Supported on the SRX Series Devices 


Interface Type                                 VLAN ID Range 
2-Port 10-Gigabit Ethernet                     1 through 4094 
10-Gigabit Ethernet                            1 through 4094 
16-Port Gigabit Ethernet                       1 through 4094 
24-Port Gigabit Ethernet                       1 through 4094 
Aggregated Ethernet for Fast Ethernet          1 through 1023 
Aggregate Ethernet for Gigabit Ethernet        1 through 4094 
Gigabit Ethernet                               1 through 4094 
Management and internal Ethernet interfaces    1 through 1023 


NOTE: On SRX210, SRX220, SRX240, SRX320, and SRX340 devices, on 1-GE SFP Mini-PIM, 
the VLAN ID 4093 falls under the reserved VLAN address range. (Platform support depends on 
the Junos OS release in your installation.) Because of this, you will not be able to configure VLAN 
ID from this range. 


SEE ALSO 


Understanding Interface Physical Properties 


Configuring VLAN Tagging 


IN THIS SECTION 


• Configuring Single-Tag Framing 
• Configuring Dual Tagging 
• Configuring Mixed Tagging 
• Configuring Mixed Tagging Support for Untagged Packets 


You can configure SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices to receive and 
forward single-tag frames, dual-tag frames, or a mixture of single-tag and dual-tag frames. 


See Table 11 on page 64 for flexible VLANs. 


Table 11: Flexible VLANs 


Number of Tags      VLAN ID 
0 (Untagged)        Native 
1 (Tagged)          Single 
2 (Dual tagged)     Dual 


This topic includes the following sections: 


Configuring Single-Tag Framing 


To configure a device to receive and forward single-tag frames with 802.1Q VLAN tags, include the 
vlan-tagging statement at the [edit interfaces interface-name] hierarchy level: 


[edit interfaces interface-name] 
vlan-tagging; 


NOTE: SRX5400, SRX5600, and SRX5800 only support single-tag framing. 


Configuring Dual Tagging 


To configure the device to receive and forward dual-tag frames with 802.1Q VLAN tags, include the 
flexible-vlan-tagging statement at the [edit interfaces interface-name] hierarchy level: 


[edit interfaces interface-name] 
flexible-vlan-tagging; 


Configuring Mixed Tagging 


Mixed tagging is supported on Ethernet interfaces of SRX300, SRX320, SRX340, SRX345, SRX380, and 
SRX550HM devices. Mixed tagging lets you configure two logical interfaces on the same Ethernet port, 
one with single-tag framing and one with dual-tag framing. 


To configure mixed tagging, include the flexible-vlan-tagging statement at the [edit interfaces 
ge-fpc/pic/port] hierarchy level. You must also include the vlan-tags statement with inner and outer 
options or the vlan-id statement at the [edit interfaces ge-fpc/pic/port unit logical-unit-number] hierarchy 
level: 


[edit interfaces ge-fpc/pic/port] 
flexible-vlan-tagging; 
unit logical-unit-number { 
    vlan-id number; 
    family family { 
        address address; 
    } 
} 
unit logical-unit-number { 
    vlan-tags inner tpid.vlan-id outer tpid.vlan-id; 
    family family { 
        address address; 
    } 
} 


NOTE: When you configure the physical interface MTU for mixed tagging, you must increase 
the MTU to 4 bytes more than the MTU value you would configure for a standard VLAN-tagged 
interface. 


For example, if the MTU value is configured to be 1018 on a VLAN-tagged interface, then the 
MTU value on a flexible VLAN tagged interface must be 1022—4 bytes more. The additional 4 
bytes accommodate the future addition of a stacked VLAN tag configuration on the same 
physical interface. 


The following example configures mixed tagging. Dual-tag and single-tag logical interfaces are under the 
same physical interface: 


[edit interfaces ge-0/2/0] 
flexible-vlan-tagging; 
unit 0 { 
    vlan-id 232; 
    family inet { 
        address 10.66.1.2/30; 
    } 
} 
unit 1 { 
    vlan-tags outer 0x8100.222 inner 0x8100.221; 
    family inet { 
        address 10.66.1.2/30; 
    } 
} 


Configuring Mixed Tagging Support for Untagged Packets 


You can configure mixed tagging support for untagged packets on a port. Untagged packets are accepted 
on the same mixed VLAN-tagged port. To accept untagged packets, include the native-vlan-id statement 
and the flexible-vlan-tagging statement at the [edit interfaces interface-name] hierarchy level: 


[edit interfaces ge-fpc/pic/port] 
flexible-vlan-tagging; 
native-vlan-id number; 


NOTE: The flexible-vlan-tagging statement is supported only with either no encapsulation or VPLS VLAN 
encapsulation. 


The logical interface on which untagged packets are to be received must be configured with the same 
native VLAN ID as that configured on the physical interface. To configure the logical interface, include the 
vlan-id statement (matching the native-vlan-id statement on the physical interface) at the [edit interfaces 
interface-name unit logical-unit-number] hierarchy level. 


The following example configures untagged packets to be mapped to logical unit number 0: 


[edit interfaces ge-0/2/0] 
flexible-vlan-tagging; 
native-vlan-id 232; 
unit 0 { 
    vlan-id 232; 
    family inet { 
        address 10.66.1.2/30; 
    } 
} 
unit 1 { 
    vlan-tags outer 0x8100.222 inner 0x8100.221; 
    family inet { 
        address 10.66.1.2/30; 
    } 
} 

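
To see what the mixed-tagging configuration above implies for frames on the wire, the following Python sketch parses the 802.1Q tags of an Ethernet frame and maps the frame to logical unit 0 or 1 of the ge-0/2/0 example. It is an added example, not Juniper code: the matching logic is a simplified model of the documented behaviour, and the function names and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100

# Values taken from the ge-0/2/0 example: native-vlan-id 232, unit 0 single-tagged,
# unit 1 dual-tagged with outer 0x8100.222 and inner 0x8100.221.
NATIVE_VLAN_ID = 232
UNITS = {
    0: {"vlan_id": 232},
    1: {"outer": (0x8100, 222), "inner": (0x8100, 221)},
}


def parse_tags(frame):
    """Return ([(tpid, vlan_id), ...] outermost first, ethertype after the tags)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, offset = [], 12                      # skip destination and source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype == TPID_8021Q and len(tags) < 2:
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        tci, next_type = struct.unpack_from("!HH", frame, offset + 2)
        tags.append((ethertype, tci & 0x0FFF))  # low 12 bits of the TCI are the VLAN ID
        offset += 4
        ethertype = next_type
    return tags, ethertype


def select_unit(frame):
    """Map a frame to the logical unit that matches its tags, or None."""
    tags, ethertype = parse_tags(frame)
    if ethertype == TPID_8021Q:
        return None                            # more than two tags: nothing matches
    if not tags and NATIVE_VLAN_ID is not None:
        # Untagged frames are accepted through the native VLAN ID.
        tags = [(TPID_8021Q, NATIVE_VLAN_ID)]
    for unit, cfg in UNITS.items():
        if len(tags) == 1 and cfg.get("vlan_id") == tags[0][1]:
            return unit
        if len(tags) == 2 and (cfg.get("outer"), cfg.get("inner")) == (tags[0], tags[1]):
            return unit
    return None


def physical_mtu(standard_vlan_mtu):
    """Mixed tagging needs 4 bytes more than a standard VLAN-tagged interface."""
    return standard_vlan_mtu + 4


def build_frame(vlan_ids, ethertype=0x0800, payload=b"\x00" * 46):
    """Construct a sample frame carrying the given VLAN IDs, outermost first."""
    frame = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    for vid in vlan_ids:
        frame += struct.pack("!HH", TPID_8021Q, vid)
    return frame + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    for vids in ([], [232], [222, 221], [221, 222], [100]):
        print(vids, "->", select_unit(build_frame(vids)))
    print("MTU for 1018:", physical_mtu(1018))
```

Frames whose tag stack matches neither unit, including a dual-tagged frame with the outer and inner IDs swapped, map to no logical interface in this model.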


Configuring DS1 Interfaces 


IN THIS SECTION 


• Understanding T1 and E1 Interfaces 
• Example: Configuring a T1 Interface 
• Example: Deleting a T1 Interface 


T1 and E1 refer to the data transmission formats that carry DS1 signals across interfaces. The topic below 
discusses the functionality of T1 and E1, configuration details, and deleting the T1 interface. 


Understanding T1 and E1 Interfaces 


IN THIS SECTION 


• T1 Overview 
• E1 Overview 
• T1 and E1 Signals 
• Encoding 
• T1 and E1 Framing 
• T1 and E1 Loopback Signals 


T1 and E1 are equivalent digital data transmission formats that carry DS1 signals. T1 and E1 lines can be 
interconnected for international use. 


This topic contains the following sections: 


T1 Overview 


T1 is a digital data transmission medium capable of handling 24 simultaneous connections running at a 
combined 1.544 Mbps. T1 combines these 24 separate connections, called channels or time slots, onto a 
single link. T1 is also called DS1. 


The T1 data stream is broken into frames. Each frame consists of a single framing bit and 24 8-bit channels, 
totaling 193 bits per T1 frame. Frames are transmitted 8,000 times per second, at a data transmission rate 
of 1.544 Mbps (8,000 x 193 = 1.544 Mbps). 


As each frame is received and processed, the data in each 8-bit channel is maintained with the channel 
data from previous frames, enabling T1 traffic to be separated into 24 separate flows across a single 
medium. For example, in the following set of 4-channel frames (without a framing bit), the data in channel 1 
consists of the first octet of each frame, the data in channel 2 consists of the second octet of each frame, 
and so on: 


          Chan. 1     Chan. 2     Chan. 3     Chan. 4 
Frame 1   [10001100]  [00110001]  [11111000]  [10101010] 
Frame 2   [11100101]  [01110110]  [10001000]  [11001010] 
Frame 3   [00010100]  [00101111]  [11000001]  [00000001] 


E1 Overview 


E1 is the European format for DS1 digital transmission. E1 links are similar to T1 links except that they 
carry signals at 2.048 Mbps. Each signal has 32 channels, and each channel transmits at 64 Kbps. E1 links 
have higher bandwidth than T1 links because they do not reserve one bit for overhead, whereas T1 links 
use 1 bit in each channel for overhead. 


T1 and E1 Signals 


T1 and E1 interfaces consist of two pairs of wires—a transmit data pair and a receive data pair. Clock 
signals, which determine when the transmitted data is sampled, are embedded in the T1 and E1 
transmissions. 


Typical digital signals operate by sending either zeros (0s) or ones (1s), which are usually represented by 
the absence or presence of a voltage on the line. The receiving device need only detect the presence of 
the voltage on the line at the particular sampling edge to determine whether the signal is 0 or 1. T1 and 
E1, however, use bipolar electrical pulses. Signals are represented by no voltage (0), positive voltage (1), 
or negative voltage (1). The bipolar signal allows T1 and E1 receivers to detect error conditions in the line, 
depending on the type of encoding that is being used. 


Encoding 


The following are common T1 and E1 encoding techniques: 


• Alternate mark inversion (AMI)—T1 and E1 
• Bipolar with 8-zero substitution (B8ZS)—T1 only 
• High-density bipolar 3 code (HDB3)—E1 only 


AMI Encoding 


AMI encoding forces the 1s signals on a T1 or E1 line to alternate between positive and negative voltages 
for each successive 1 transmission, as in this sample data transmission: 


1 1 0 1 0 1 0 1 
+ - 0 + 0 - 0 + 


When AMI encoding is used, a data transmission with a long sequence of 0s has no voltage transitions on 
the line. In other words, voice transmission does not use AMI encoding because it never encounters the 
“long string of zeroes” problem. In this situation, devices have difficulty maintaining clock synchronization, 
because they rely on the voltage fluctuations to constantly synchronize with the transmitting clock. To 
counter this effect, the number of consecutive 0s in a data stream is restricted to 15. This restriction is 
called the 1s density requirement, because it requires a certain number of 1s for every 15 0s that are 
transmitted. 


On an AMI-encoded line, two consecutive pulses of the same polarity—either positive or negative—are 
called a bipolar violation (BPV), which is generally flagged as an error. 


B8ZS and HDB3 Encoding 


Neither B8ZS nor HDB3 encoding restricts the number of 0s that can be transmitted on a line. Instead, 
these encoding methods detect sequences of 0s and substitute bit patterns for the sequences to provide 
the signal oscillations required to maintain timing on the link. 


The B8ZS encoding method for T1 lines detects sequences of eight consecutive 0 transmissions and 
substitutes a pattern of two consecutive BPVs (11110000). Because the receiving end uses the same 
encoding, it detects the BPVs as 0s substitutions, and no BPV error is flagged. A single BPV that does 
not match the 11110000 substitution bit sequence is likely to generate an error, depending on the 
configuration of the device. 


B8ZS uses bipolar violations to synchronize devices, a solution that does not require the use of extra bits, 
which means a T1 circuit using B8ZS can use the full 64 Kbps for each channel for data. 


The HDB3 encoding method for E1 lines detects sequences of four consecutive 0 transmissions and 
substitutes a single BPV (1100). Similar to B8ZS encoding, the receiving device detects the 0s substitutions 
and does not generate a BPV error. 
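

The following Python sketch is an added example, not part of the Juniper documentation. It implements the AMI encoding and bipolar-violation detection described above, plus B8ZS substitution using the standard 000VB0VB pulse pattern (V repeats the polarity of the preceding pulse, B alternates). The function names, the assumed starting polarity, and the sample bit strings are constructed for illustration.

```python
def ami_encode(bits, last=-1):
    """AMI: every 1 takes the polarity opposite to the previous 1; 0 is no pulse."""
    pulses = []
    for bit in bits:
        if bit:
            last = -last
            pulses.append(last)
        else:
            pulses.append(0)
    return pulses


def bipolar_violations(pulses):
    """Indexes of pulses that repeat the polarity of the previous pulse (BPVs)."""
    found, last = [], 0
    for i, pulse in enumerate(pulses):
        if pulse:
            if pulse == last:
                found.append(i)
            last = pulse
    return found


def longest_zero_run(pulses):
    """Longest stretch without a pulse; AMI lines must keep this at 15 or less."""
    best = run = 0
    for pulse in pulses:
        run = run + 1 if pulse == 0 else 0
        best = max(best, run)
    return best


def b8zs_encode(bits, last=-1):
    """AMI with each run of eight 0s replaced by 000VB0VB (two deliberate BPVs)."""
    bits, pulses, i = list(bits), [], 0
    while i < len(bits):
        if bits[i:i + 8] == [0] * 8:
            pulses += [0, 0, 0, last, -last, 0, -last, last]
            i += 8                      # the pattern ends on the same polarity as `last`
        else:
            if bits[i]:
                last = -last
            pulses.append(last if bits[i] else 0)
            i += 1
    return pulses


def b8zs_decode(pulses, last=-1):
    """Return (bits, indexes of BPVs that are not part of a B8ZS substitution).

    Assumes the same starting polarity as the encoder.
    """
    pulses, bits, errors, i = list(pulses), [], [], 0
    while i < len(pulses):
        if pulses[i:i + 8] == [0, 0, 0, last, -last, 0, -last, last]:
            bits += [0] * 8             # recognised substitution: no error flagged
            i += 8
            continue
        if pulses[i]:
            if pulses[i] == last:
                errors.append(i)        # isolated BPV: line error
            last = pulses[i]
        bits.append(1 if pulses[i] else 0)
        i += 1
    return bits, errors


if __name__ == "__main__":
    sample = [1, 1, 0, 1, 0, 1, 0, 1]                  # the sample transmission above
    print("AMI :", ami_encode(sample))
    data = [1] + [0] * 8 + [1, 1]                      # constructed input with eight 0s
    line = b8zs_encode(data)
    print("B8ZS:", line, "BPVs at", bipolar_violations(line))
    print("decoded:", b8zs_decode(line))
    print("corrupted:", b8zs_decode([1, 0, -1, -1]))   # constructed single BPV
```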


T1 and E1 Framing 


T1 interfaces use extended superframe (ESF). E1 interfaces use G.704 framing or G.704 with no CRC4 
framing, or can be in unframed mode. 


ESF Framing for T1 


ESF extends the D4 superframe from 12 frames to 24 frames. By expanding the size of the superframe, 
ESF increases the number of bits in the superframe framing pattern from 12 to 24. The extra bits are used 
for frame synchronization, error detection, and maintenance communications through the facilities data 
link (FDL). 


The ESF pattern for synchronization bits is 001011. Only the framing bits from frames 4, 8, 12, 16, 20, 
and 24 in the superframe sequence are used to create the synchronization pattern. 


The framing bits from frames 2, 6, 10, 14, 18, and 22 are used to pass a CRC code for each superframe 
block. The CRC code verifies the integrity of the received superframe and detects bit errors with a CRC6 
algorithm. 


The framing bits for frames 1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, and 23 are used for the data link channel. 
These 12 bits enable the operators at the network control center to query the remote equipment for 
information about the performance of the link. 


T1 and E1 Loopback Signals 


The control signal on a T1 or E1 link is the loopback signal. Using the loopback signal, the operators at the 
network control center can force the device at the remote end of a link to retransmit its received signals 
back onto the transmit path. The transmitting device can then verify that the received signals match the 
transmitted signals, to perform end-to-end checking on the link. 


Two loopback signals are used to perform the end-to-end testing: 


• The loop-up command signal sets the link into loopback mode, with the following command pattern: 


...100001000010000100... 


• The loop-down signal returns the link to its normal mode, with the following command pattern: 


...100100100100100100... 


While the link is in loopback mode, the operator can insert test equipment onto the line to test its operation. 


Example: Configuring a T1 Interface 


IN THIS SECTION 


• Requirements 
• Overview 
• Configuration 
• Verification 


This example shows how to complete the initial configuration on a T1 interface. 


Requirements 


Before you begin, install a PIM, connect the interface cables to the ports, and power on the device. See 
the Getting Started Guide for your device. 


Overview 


This example describes the initial configuration that you must complete on each network interface. In this 
example, you configure the t1-1/0/0 interface as follows: 


• You create the basic configuration for the new interface by setting the encapsulation type to ppp. You 
can enter additional values for physical interface properties as needed. 


• You set the logical interface to 0. Note that the logical unit number can range from 0 through 16,384. 
You can enter additional values for properties you need to configure on the logical interface, such as 
logical encapsulation or protocol family. 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces t1-1/0/0 encapsulation ppp unit 0 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure a T1 interface: 


1. Create the interface. 


[edit] 
user@host# edit interfaces t1-1/0/0 


2. Create the basic configuration for the new interface. 


[edit interfaces t1-1/0/0] 
user@host# set encapsulation ppp 


3. Add logical interfaces. 


[edit interfaces t1-1/0/0] 
user@host# set unit 0 


Results 


From configuration mode, confirm your configuration by entering the show interfaces command. If the 
output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


For brevity, this show interfaces command output includes only the configuration that is relevant to this 
example. Any other configuration on the system has been replaced with ellipses (...). 


[edit] 
t1-1/0/0 { 
    encapsulation ppp; 
    unit 0; 
} 


If you are done configuring the device, enter commit from configuration mode. 


Verification 


IN THIS SECTION 


• Verifying the Link State of All Interfaces 
• Verifying Interface Properties 


Confirm that the configuration is working properly. 


Verifying the Link State of All Interfaces 


Purpose 


By using the ping tool on each peer address in the network, verify that all interfaces on the device are 
operational. 


Action 


For each interface on the device: 


1. In the J-Web interface, select Troubleshoot>Ping Host. 


2. In the Remote Host box, type the address of the interface for which you want to verify the link state. 


3. Click Start. The output appears on a separate page. 


PING 10.10.10.10 : 56 data bytes 
64 bytes from 10.10.10.10: icmp_seq=0 ttl=255 time=0.382 ms 
64 bytes from 10.10.10.10: icmp_seq=1 ttl=255 time=0.266 ms 


If the interface is operational, it generates an ICMP response. If this response is received, the round-trip 
time, in milliseconds, is listed in the time field. 


Verifying Interface Properties 


Purpose 


Verify that the interface properties are correct. 


Action 


From the operational mode, enter the show interfaces detail command. 


The output shows a summary of interface information. Verify the following information: 


• The physical interface is Enabled. If the interface is shown as Disabled, do one of the following: 


  • In the CLI configuration editor, delete the disable statement at the [edit interfaces t1-1/0/0] level of 
    the configuration hierarchy. 


  • In the J-Web configuration editor, clear the Disable check box on the Interfaces> t1-1/0/0 page. 


• The physical link is Up. A link state of Down indicates a problem with the interface module, interface 
port, or physical connection (link-layer errors). 


• The Last Flapped time is an expected value. It indicates the last time the physical interface became 
unavailable and then available again. Unexpected flapping indicates likely link-layer errors. 


• The traffic statistics reflect expected input and output rates. Verify that the number of input and output 
bytes and packets matches expected throughput for the physical interface. To clear the statistics and 
see only new changes, use the clear interfaces statistics t1-1/0/0 command. 


Example: Deleting a T1 Interface 


IN THIS SECTION 


• Requirements 
• Overview 
• Configuration 
• Verification 


This example shows how to delete a T1 interface. 


Requirements 


No special configuration beyond device initialization is required before configuring an interface. 


Overview 


In this example, you delete the t1-1/0/0 interface. 


NOTE: Performing this action removes the interface from the software configuration and disables 
it. Network interfaces remain physically present, and their identifiers continue to appear on the 
J-Web pages. 


Configuration 


Step-by-Step Procedure 


To delete a T1 interface: 


1. Specify the interface you want to delete. 


[edit interfaces] 
user@host# delete t1-1/0/0 


2. If you are done configuring the device, commit the configuration. 


[edit interfaces] 
user@host# commit 


Verification 


To verify the configuration is working properly, enter the show interfaces command. 


Configuring DS3 Interfaces 


IN THIS SECTION 


• Understanding T3 and E3 Interfaces 
• Example: Configuring a T3 Interface 
• Example: Deleting a T3 Interface 


A DS3 interface, also referred to as T3, is a high-speed data transmission medium formed by multiplexing 
DS1 and DS2 signals. The topic below discusses the functionality of T3 interfaces, configuration details, and 
deleting the T3 interface. 


Understanding T3 and E3 Interfaces 


IN THIS SECTION 


• Multiplexing DS1 Signals 
• DS2 Bit Stuffing 
• DS3 Framing 


T3 is a high-speed data-transmission medium formed by multiplexing 28 DS1 signals into seven separate 
DS2 signals, and combining the DS2 signals into a single DS3 signal. T3 links operate at 43.736 Mbps. T3 
is also called DS3. 


E3 is the equivalent European transmission format. E3 links are similar to T3 (DS3) links, but carry signals 
at 34.368 Mbps. Each signal has 16 E1 channels, and each channel transmits at 2.048 Mbps. E3 links use 
all 8 bits of a channel, whereas T3 links use 1 bit in each channel for overhead. 


Multiplexing DS1 Signals 


Four DS1 signals combine to form a single DS2 signal. The four DS1 signals form a single DS2 M-frame, 
which includes subframes M1 through M4. Each subframe has six 49-bit blocks, for a total of 294 bits per 
subframe. The first bit in each block is a DS2 overhead (OH) bit. The remaining 48 bits are DS1 information 
bits. 


Figure 4 on page 79 shows the DS2 M-frame format. 


Figure 4: DS2 M-Frame Format 


The four DS2 subframes are not four DS1 channels. Instead, the DS1 data bits within the subframes are 
formed by data interleaved from the DS1 channels. The O values designate time slots devoted to DS1 
inputs as part of the bit-by-bit interleaving process. After every 48 DS1 information bits (12 bits from each 
signal), a DS2 OH bit is inserted to indicate the start of a subframe. 


DS2 Bit Stuffing 


Because the four DS1 signals are asynchronous signals, they might operate at different line rates. To 
synchronize the asynchronous streams, the multiplexers on the line use bit stuffing. 


A DS2 connection requires a nominal transmit rate of 6.304 Mbps. However, because multiplexers increase 
the overall output rate to the intermediate rate of 6.312 Mbps, the output rate is higher than individual 
input rates on DS1 signals. The extra bandwidth is used to stuff the incoming DS1 signals with extra bits 
until the output rate of each signal equals the increased intermediate rate. These stuffed bits are inserted 
at fixed locations in the DS2 M-frame. When DS2 frames are received and the signal is demultiplexed, the 
stuffing bits are identified and removed. 


DS3 Framing 


A set of four DS1 signals is multiplexed into seven DS2 signals, which are multiplexed into a single DS3 
signal. The multiplexing occurs just as with DS1-to-DS2 multiplexing. The resulting DS3 signal uses either 
the standard M13 asynchronous framing format or the C-bit parity framing format. Although the two 
framing formats differ in their use of control and message bits, the basic frame structures are identical. 
The DS3 frame structures are shown in Figure 5 on page 80 and Figure 6 on page 81. 


M13 Asynchronous Framing 


A DS3 M-frame includes seven subframes, formed by DS2 data bits interleaved from the seven multiplexed 
DS2 signals. Each subframe has eight 85-bit blocks—a DS3 OH bit plus 84 data bits. The meaning of an 
OH bit depends on the block it precedes. Standard DS3 M13 asynchronous framing format is shown in 
Figure 5 on page 80. 


Figure 5: DS3 M13 Frame Format 


A DS3 M13 M-frame contains the following types of OH bits: 


• Framing bits (F-bits)—Make up a frame alignment signal that synchronizes DS3 subframes. Each DS3 
frame contains 28 F-bits (4 bits per subframe). F-bits are located at the beginning of blocks 2, 4, 6, and 
8 of each subframe. When combined, the frame alignment pattern for each subframe is 1001. The pattern 
can be examined to detect bit errors in the transmission. 


• Multiframing bits (M-bits)—Make up a multiframe alignment signal that synchronizes the M-frames in a 
DS3 signal. Each DS3 frame contains 3 M-bits, which are located at the beginning of subframes 5, 6, 
and 7. When combined, the multiframe alignment pattern for each M-frame is 010. 


• Bit stuffing control bits (C-bits)—Serve as bit stuffing indicators for each DS2 input. For example, C11, 
C12, and C13 are indicators for DS2 input 1. Their values indicate whether DS3 bit stuffing has occurred 
at the multiplexer. If the three C-bits in a subframe are all 0s, no stuffing was performed for the DS2 
input. If the three C-bits are all 1s, stuffing was performed. 


• Message bits (X-bits)—Used by DS3 transmitters to embed asynchronous in-service messages in the 
data transmission. Each DS3 frame contains 2 X-bits, which are located at the beginning of subframes 
1 and 2. Within a DS3 M-frame, both X-bits must be identical. 


• Parity bits (P-bits)—Compute parity over all but 1 bit of the M-frame. (The first X-bit is not included.) 
Each DS3 frame contains 2 P-bits, which are located at the beginning of subframes 3 and 4. Both P-bits 
must be identical. 


If the previous DS3 frame contained an odd number of 1s, both P-bits are set to 1. If the previous DS3 
frame contained an even number of 1s, both P-bits are set to 0. If, on the receiving side, the number of 1s for 
a given frame does not match the P-bits in the following frame, it indicates one or more bit errors in the 
transmission. 


C-Bit Parity Framing 


In M13 framing, every C-bit in a DS3 frame is used for bit stuffing. However, because multiplexers first 
use bit stuffing when multiplexing DS1 signals into DS2 signals, the incoming DS2 signals are already 
synchronized. Therefore, the bit stuffing that occurs when DS2 signals are multiplexed is redundant. 


C-bit parity framing format redefines the function of C-bits and X-bits, using them to monitor end-to-end 
path performance and provide in-band data links. The C-bit parity framing structure is shown in 
Figure 6 on page 81. 


Figure 6: DS3 C-Bit Parity Framing


Each block is one OH bit followed by 84 data bits.

M-subframe  Block 1  Block 2  Block 3  Block 4  Block 5  Block 6  Block 7  Block 8
1st         X        F1       AIC      F0       Na       F0       FEAC     F1
2nd         X        F1       DL       F0       DL       F0       DL       F1
3rd         P        F1       CP       F0       CP       F0       CP       F1
4th         P        F1       FEBE     F0       FEBE     F0       FEBE     F1
5th         M0       F1       DL       F0       DL       F0       DL       F1
6th         M1       F1       DL       F0       DL       F0       DL       F1
7th         M0       F1       DL       F0       DL       F0       DL       F1

In C-bit parity framing, the X-bits transmit error conditions from the far end of the link to the near end. If
no error conditions exist, both X-bits are set to 1. If an out-of-frame (OOF) or alarm indication signal (AIS)
error is detected, both X-bits are set to 0 in the upstream direction for 1 second to notify the other end
of the link about the condition.


The C-bits that control bit stuffing in M13 frames are typically used in the following ways by C-bit parity
framing:


• Application identification channel (AIC)—The first C-bit in the first subframe identifies the type of DS3
  framing used. A value of 1 indicates that C-bit parity framing is in use.


• Na—A reserved network application bit.


• Far-end alarm and control (FEAC) channel—The third C-bit in the first subframe is used for the FEAC
  channel. In normal transmissions, the FEAC C-bit transmits all 1s. When an alarm condition is present,
  the FEAC C-bit transmits a code word in the format 0xxxxxxx 11111111, in which x can be either 1 or
  0. Bits are transmitted from right to left.


Table 12 on page 82 lists some C-bit code words and the alarm or status condition indicated. 


Table 12: FEAC C-Bit Condition Indicators


Alarm or Status Condition                                            C-Bit Code Word
DS3 equipment failure requires immediate attention.                  00110010 11111111
DS3 equipment failure occurred—such as suspended, not activated,     00011110 11111111
  or unavailable service—that is non-service-affecting.
DS3 loss of signal.                                                  00011100 11111111
DS3 out of frame.                                                    00000000 11111111
DS3 alarm indication signal (AIS) received.                          00101100 11111111
DS3 idle received.                                                   00110100 11111111
Common equipment failure occurred that is non-service-affecting.     00011101 11111111
Multiple DS1 loss of signal.                                         00101010 11111111
DS1 equipment failure occurred that requires immediate attention.    00001010 11111111
DS1 equipment failure occurred that is non-service-affecting.        00000110 11111111
Single DS1 loss of signal.                                           00111100 11111111


• Data links—The 12 C-bits in subframes 2, 5, 6, and 7 are data link (DL) bits for applications and
  terminal-to-terminal path maintenance.


• DS3 parity—The 3 C-bits in the third subframe are DS3 parity C-bits (also called CP-bits). When a DS3
  frame is transmitted, the sending device sets the CP-bits to the same value as the P-bits. When the
  receiving device processes the frame, it calculates the parity of the M-frame and compares this value
  to the parity in the CP-bits of the following M-frame. If no bit errors have occurred, the two values are
  typically the same.


• Far-end block errors (FEBEs)—The 3 C-bits in the fourth subframe make up the far-end block error
  (FEBE) bits. If a framing or parity error is detected in an incoming M-frame (via the CP-bits), the receiving
  device generates a C-bit parity error and sends an error notification to the transmitting (far-end) device.
  If an error is generated, the FEBE bits are set to 000. If no error occurred, the bits are set to 111.
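

The overhead-bit positions and C-bit meanings described above for M13 and C-bit parity framing, as an added example (not Juniper code): it pulls the OH bit from each 85-bit block of an M-frame, checks the F-, M-, X- and P-bit rules, and decodes a FEAC code word collected over 16 M-frames against Table 12. The function names and the frames are constructed for illustration, and the decoder assumes that "right to left" means the rightmost printed bit of a code word arrives first.

```python
# Added example: overhead (OH) bits of a DS3 M-frame, per the layout described above.
SUBFRAMES, BLOCKS, BLOCK_BITS = 7, 8, 85      # 7 x 8 x 85 = 4760 bits per M-frame
F_PATTERN = (1, 0, 0, 1)                      # OH bits of blocks 2, 4, 6, 8
M_PATTERN = (0, 1, 0)                         # block-1 OH bits of subframes 5, 6, 7

# Left byte of each Table 12 code word, exactly as the table prints it.
FEAC_CODES = {
    "00110010": "DS3 equipment failure (immediate attention)",
    "00011110": "DS3 equipment failure (non-service-affecting)",
    "00011100": "DS3 loss of signal",
    "00000000": "DS3 out of frame",
    "00101100": "DS3 AIS received",
    "00110100": "DS3 idle received",
    "00011101": "Common equipment failure (non-service-affecting)",
    "00101010": "Multiple DS1 loss of signal",
    "00001010": "DS1 equipment failure (immediate attention)",
    "00000110": "DS1 equipment failure (non-service-affecting)",
    "00111100": "Single DS1 loss of signal",
}

def overhead(frame):
    """Return a 7x8 grid holding the first (OH) bit of every 85-bit block."""
    if len(frame) != SUBFRAMES * BLOCKS * BLOCK_BITS:
        raise ValueError("an M-frame is 4760 bits")
    return [[frame[(s * BLOCKS + b) * BLOCK_BITS] for b in range(BLOCKS)]
            for s in range(SUBFRAMES)]

def c_bits(oh, subframe):
    """The three C-bits (blocks 3, 5, 7) of a 1-based subframe number."""
    row = oh[subframe - 1]
    return (row[2], row[4], row[6])

def alignment_problems(oh):
    """Checks common to both formats: F-bits, M-bits, paired X- and P-bits."""
    problems = [f"subframe {s}: F-bits are not 1001"
                for s, row in enumerate(oh, start=1)
                if (row[1], row[3], row[5], row[7]) != F_PATTERN]
    if tuple(oh[s][0] for s in (4, 5, 6)) != M_PATTERN:
        problems.append("M-bits are not 010")
    if oh[0][0] != oh[1][0]:
        problems.append("X-bits differ")
    if oh[2][0] != oh[3][0]:
        problems.append("P-bits differ")
    return problems

def m13_stuffing(oh):
    """M13 reading: True = stuffed, False = not stuffed, None = C-bits disagree."""
    verdict = {(1, 1, 1): True, (0, 0, 0): False}
    return {s: verdict.get(c_bits(oh, s)) for s in range(1, SUBFRAMES + 1)}

def cbit_parity_status(oh):
    """C-bit parity reading of the same C-bit and X-bit positions."""
    return {
        "aic_set": c_bits(oh, 1)[0] == 1,                 # C-bit parity framing in use
        "far_end_ok": (oh[0][0], oh[1][0]) == (1, 1),     # X-bits 0,0 = OOF/AIS seen
        "cp_equals_p": set(c_bits(oh, 3)) == {oh[2][0]},  # sender copies P into CP
        "febe_reported": c_bits(oh, 4) == (0, 0, 0),      # 111 = no error
    }

def decode_feac(arrival_bits):
    """Decode 16 FEAC bits (third C-bit of subframe 1, one per M-frame)."""
    if len(arrival_bits) != 16:
        raise ValueError("a FEAC code word is 16 bits")
    if all(arrival_bits):
        return "idle (all 1s)"
    # Assumption: "right to left" means the rightmost printed bit arrives first.
    word = "".join(str(b) for b in reversed(arrival_bits))
    if word[0] != "0" or word[8:] != "1" * 8:
        return "misaligned or corrupted"
    return FEAC_CODES.get(word[:8], "code word not in Table 12: " + word[:8])

def build_frame(x=1, p=0, c=None):
    """Constructed test data: an M-frame with chosen OH bits and all-zero payload."""
    c = c or {}
    frame = []
    for s in range(1, SUBFRAMES + 1):
        first = {1: x, 2: x, 3: p, 4: p, 5: 0, 6: 1, 7: 0}[s]
        c1, c2, c3 = c.get(s, (0, 0, 0))
        for oh_bit in (first, 1, c1, 0, c2, 0, c3, 1):
            frame.append(oh_bit)
            frame.extend([0] * (BLOCK_BITS - 1))
    return frame

def feac_from_frames(frames):
    """Collect the FEAC bit from 16 consecutive M-frames and decode it."""
    return decode_feac([c_bits(overhead(f), 1)[2] for f in frames])

def sample_feac_frames(code="00011100"):
    """Constructed data: 16 C-bit parity frames carrying one Table 12 code word."""
    printed = code + "1" * 8
    return [build_frame(c={1: (1, 1, int(bit)), 3: (0, 0, 0), 4: (1, 1, 1)})
            for bit in reversed(printed)]
```

The same C-bit positions are read two ways: `m13_stuffing` treats them as stuffing indicators, while `cbit_parity_status` and `feac_from_frames` read them as AIC, CP, FEBE and FEAC bits.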


| Example: Configuring a T3 Interface 


IN THIS SECTION 


Requirements | 83 
Overview | 83 


Configuration | 84 


Verification | 85 


This example shows how to complete the initial configuration on a T3 interface. 


Requirements 


Before you begin, install a PIM, connect the interface cables to the ports, and power on the device. See 
the Getting Started Guide for your device. 


Overview 


This example describes the initial configuration that you must complete on each network interface. In this 
example, you configure the t3-1/0/0 interface as follows: 


• You create the basic configuration for the new interface by setting the encapsulation type to ppp. You
  can enter additional values for physical interface properties as needed.


• You set the logical interface to 0. Note that the logical unit number can range from 0 to 16,384. You
  can enter additional values for properties you need to configure on the logical interface, such as logical
  encapsulation or protocol family.


Configuration


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces t3-1/0/0 encapsulation ppp unit 0 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure a T3 interface: 
1. Create the interface. 


[edit] 
user@host# edit interfaces t3-1/0/0 


2. Create the basic configuration for the new interface. 


[edit interfaces t3-1/0/0] 
user@host# set encapsulation ppp 


3. Add logical interfaces. 


[edit interfaces t3-1/0/0] 
user@host# set unit 0 


Results 


From configuration mode, confirm your configuration by entering the show interfaces command. If the 
output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


For brevity, this show interfaces command output includes only the configuration that is relevant to this 
example. Any other configuration on the system has been replaced with ellipses (...). 


[edit]
user@host# show interfaces
t3-1/0/0 {
    encapsulation ppp;
    unit 0;
}


If you are done configuring the device, enter commit from configuration mode. 


Verification 


IN THIS SECTION 


Verifying the Link State of All Interfaces | 85


Verifying Interface Properties | 86


Confirm that the configuration is working properly. 


Verifying the Link State of All Interfaces 


Purpose 


By using the ping tool on each peer address in the network, verify that all interfaces on the device are 
operational. 


Action 


For each interface on the device: 


1. In the J-Web interface, select Troubleshoot>Ping Host. 


2. In the Remote Host box, type the address of the interface for which you want to verify the link state. 


3. Click Start. The output appears on a separate page. 


PING 10.10.10.10 : 56 data bytes
64 bytes from 10.10.10.10: icmp_seq=0 ttl=255 time=0.382 ms
64 bytes from 10.10.10.10: icmp_seq=1 ttl=255 time=0.266 ms


If the interface is operational, it generates an ICMP response. If this response is received, the round-trip
time in milliseconds is listed in the time field.


Verifying Interface Properties


Purpose 


Verify that the interface properties are correct. 


Action 


From the operational mode, enter the show interfaces detail command. 
The output shows a summary of interface information. Verify the following information: 


• The physical interface is Enabled. If the interface is shown as Disabled, do one of the following:


  • In the CLI configuration editor, delete the disable statement at the [edit interfaces t3-1/0/0] level of
    the configuration hierarchy.


  • In the J-Web configuration editor, clear the Disable check box on the Interfaces> t3-1/0/0 page.


• The physical link is Up. A link state of Down indicates a problem with the interface module, interface
  port, or physical connection (link-layer errors).


• The Last Flapped time is an expected value. It indicates the last time the physical interface became
  unavailable and then available again. Unexpected flapping indicates likely link-layer errors.


• The traffic statistics reflect expected input and output rates. Verify that the number of input and output
  bytes and packets matches expected throughput for the physical interface. To clear the statistics and
  see only new changes, use the clear interfaces statistics t3-1/0/0 command.


| Example: Deleting a T3 Interface 


IN THIS SECTION 


Requirements | 87 
Overview | 87 


Configuration | 87 


Verification | 87 


This example shows how to delete a T3 interface. 


Requirements 


No special configuration beyond device initialization is required before configuring an interface. 


Overview 


In this example, you delete the t3-1/0/0 interface. 


NOTE: Performing this action removes the interface from the software configuration and disables 
it. Network interfaces remain physically present, and their identifiers continue to appear on the 
J-Web pages. 


Configuration 


Step-by-Step Procedure 


To delete a T3 interface: 


1. Specify the interface you want to delete. 


[edit interfaces] 
user@host# delete t3-1/0/0 


2. If you are done configuring the device, commit the configuration.


[edit interfaces]
user@host# commit


Verification 


To verify the configuration is working properly, enter the show interfaces command.


Configuring 1-Port Clear Channel DS3/E3 GPIM


IN THIS SECTION 


Understanding the 1-Port Clear Channel DS3/E3 GPIM | 88 
Example: Configuring the 1-Port Clear-Channel DS3/E3 GPIM for DS3 Port Mode | 92 
Example: Configuring the 1-Port Clear Channel DS3/E3 GPIM for E3 Port Mode | 94 


Example: Configuring the 1-Port Clear-Channel DS3/E3 GPIM for M23 Mapping Mode | 96 


The 1-Port Clear Channel DS3/E3 GPIM is a channel interface that can support full-duplex DS3 (T3) or
E3 line rates. The topics below give an overview of the interface and examples of how to configure the
1-Port Clear Channel DS3/E3 GPIM for DS3 port mode, E3 port mode, and M23 mapping mode.


| Understanding the 1-Port Clear Channel DS3/E3 GPIM 


IN THIS SECTION 


Supported Features | 89 
Interface Naming | 89 


Physical Interface Settings | 89 


Logical Interface Settings | 90 


The 1-Port Clear Channel DS3/E3 Gigabit-Backplane Physical Interface Module (GPIM) for the device 
functions as a clear channel interface that can support full-duplex DS3 (T3) or E3 line rates of 44.796 or 
34.368 Mbps, respectively. The DS3/E3 interface is a popular high-bandwidth WAN interface for large 
enterprise branch locations that enables high-quality voice, video, and data applications with reduced 
latency. The GPIM device does not support channelization, but it supports a subrate DS3/E3 configuration. 


This topic includes the following sections:


Supported Features


The clear channel implementation provides such features as subrate and scrambling options used by major
DSU vendors. The following key features are available depending on the interface and mode selections:


• Framed and unframed DS3 (default) and E3 port modes
• Support for frame relay, point-to-point, and HDLC serial encapsulation protocols
• Support for popular vendor algorithms for subrate and payload scrambling
• Support for generation and detection of loopback control codes (line-loopback activate and deactivate)
  and FEAC codes
• External and internal clocking support
• Support for DS3 and E3 network alarms
• Support for chassis clusters
• Support for anti-counterfeit check
• Loopback (local, remote, and payload) and BERT/PRBS/QRSS diagnostics support
• MTU size of 4474 bytes (default) and 9192 bytes (maximum)


Interface Naming 


The following format represents the 1-Port Clear Channel DS3/E3 GPIM interface names: 


type-fpc/pic/port 


where: 

• type—Media type (T3 or E3)
• fpc—Number of the Flexible PIC Concentrator (FPC) card on which the physical interface is located
• pic—Number of the PIC on which the physical interface is located
• port—Specific port on the PIC


Examples: t3-1/0/0 and e3-2/0/0 


Physical Interface Settings 


The 1-Port Clear Channel DS3/E3 GPIM supports IP configurations. Using the CLI, you can configure the
1-Port Clear Channel DS3/E3 GPIM to operate in either DS3 or E3 mode. By default, at installation the
physical interface, t3-x/y/z, is enabled on the GPIM port operating in DS3 mode with T3 framing.


You can reset the mode of the physical interface to E3 using the edit chassis command:


[edit]
user@host# set chassis fpc 1 pic 0 port 0 framing e3


Logical Interface Settings 


The logical interface for the device is determined by setting the t3-options or e3-options of the edit
interfaces command.


You can specify the MTU size for the GPIM interface. Junos OS supports an MTU value of 4474 bytes for 
the default value or up to 9192 bytes for maximum jumbo GPIM implementations. 


Table 13 on page 90 identifies network interface specifications for DS3 or E3 modes. 


Table 13: 1-Port Clear Channel DS3/E3 GPIM Interface Options


Network Interface Specifications

Line encoding
  DS3 Mode: B3ZS
  E3 Mode:  HDB3

Framing
  DS3 Mode:
    • C-bit parity (default)
    • M23
  E3 Mode:
    • G.751 (default)

Subrate and scrambling
  DS3 Mode: Vendor algorithms supported:
    • Adtran
    • Digital Link
    • Kentrox
    • Larscom
    • Verilink
  E3 Mode: Vendor algorithms supported:
    • Digital Link
    • Kentrox

Network alarms
  DS3 Mode: Supported in accordance with the ANSI specification:
    • Loss of signal (LOS)
    • Out of frame (OOF)
    • Loss of frame (LOF)
    • Alarm identification signal (AIS)
    • Remote defect identification (RDI)
  E3 Mode: Supported in accordance with the ITU-T specification:
    • Loss of signal (LOS)
    • Out of frame (OOF)
    • Alarm identification signal (AIS)
    • Remote defect identification (RDI)
    • Phase-locked loop (PLL)

Error counters
  DS3 Mode: Incremented during a periodic 1-second polling routine:
    • Line code violations (LCV)
    • P-bit code violations (PCV)
    • C-bit code violations (CCV)
    • Line errored seconds (LES)
    • P-bit errored seconds (PES)
    • C-bit errored seconds (CES)
    • Severely errored framing seconds (SEFS)
    • P-bit severely errored seconds (PSES)
    • C-bit severely errored seconds (CSES)
    • Unavailable seconds (UAS)
  E3 Mode: Incremented during a periodic 1-second polling routine:
    • Frame alignment error (FAE)
    • Bipolar coding violations (BCV)
    • Excessive zeros (EXZ)
    • Line code violations (LCV)
    • Line errored seconds (LES)
    • Severely errored framing seconds (SEFS)
    • Unavailable seconds (UAS)

HDLC Features

MTU
  DS3 Mode: Default (4474 bytes) or maximum jumbo (up to 9192 bytes)
  E3 Mode:  Default (4474 bytes) or maximum jumbo (up to 9192 bytes)

Shared flag
  DS3 Mode: Supported
  E3 Mode:  Supported

Idle flag/fill (0x7e or all ones)
  DS3 Mode: Supported
  E3 Mode:  Supported

Counters
  DS3 Mode: Runts, giants
  E3 Mode:  Runts, giants


SEE ALSO


Interface Naming Conventions | 35


Example: Configuring the 1-Port Clear-Channel DS3/E3 GPIM for DS3 Port Mode


IN THIS SECTION 


Requirements | 92
Overview | 92


Configuration | 92


This example configures the GPIM in the DS3 (T3) operation mode. 


Requirements 


Before you begin: 


• Install the device as specified in the SRX Series Services Physical Interface Modules Hardware Guide.


Overview 


This example configures the basic T3 interface and modifies the framing to C-bit parity mode. 


Configuration 


Step-by-Step Procedure 
To configure the GPIM: 


1. Verify the installation, location, and status of the GPIM. In this example, the GPIM is installed in slot
8/PIC 0 and is currently online.


user@host> show chassis fpc pic-status


Slot 0   Online   FPC
  PIC 0  Online   4x GE Base PIC
Slot 2   Offline  FPC
Slot 5   Offline  FPC
Slot 6   Online   FPC
  PIC 0  Online   4x CT1E1 gPIM
Slot 7   Offline  FPC
Slot 8   Online   FPC
  PIC 0  Online   1x CLR CH T3/E3


2. Set the IP address for the logical interface.


[edit]
user@host# set interfaces t3-8/0/0 unit 0 family inet address 192.107.1.230/24


3. Set the MTU value to 9018.


[edit]
user@host# set interfaces t3-8/0/0 unit 0 family inet mtu 9018


4. Set the framing mode.


[edit]
user@host# set interfaces t3-8/0/0 t3-options cbit-parity


5. Enable the unframed DS3 mode.


[edit]
user@host# set interfaces t3-8/0/0 t3-options unframed


6. If you are done configuring the device, commit the configuration.


[edit]
user@host# commit


7. To verify the configuration for your device, enter the following operational command:


user@host> show interfaces t3-8/0/0 extensive


Example: Configuring the 1-Port Clear Channel DS3/E3 GPIM for E3 Port Mode


IN THIS SECTION 


Requirements | 94
Overview | 94


Configuration | 94


This example modifies the default configuration for an E3 environment. 


Requirements 


Before you begin: 


• Install the device as specified in the SRX Series Services Physical Interface Modules Hardware Guide.


Overview 


This example configures the basic E3 interface. 


Configuration 


Step-by-Step Procedure 
To configure the GPIM in E3 framing: 


1. Verify the installation, location, and status of the GPIM. In this example, the GPIM is installed in slot
8/PIC 0 and is currently online.


user@host> show chassis fpc pic-status


Slot 0   Online   FPC
  PIC 0  Online   4x GE Base PIC
Slot 2   Offline  FPC
Slot 5   Offline  FPC
Slot 6   Online   FPC
  PIC 0  Online   4x CT1E1 gPIM
Slot 7   Offline  FPC
Slot 8   Online   FPC
  PIC 0  Online   1x CLR CH T3/E3


2. Change to E3 port mode.


[edit]
user@host# set chassis fpc 8 pic 0 port 0 framing e3


3. Reset the MTU value to 3474.


[edit]
user@host# set interfaces e3-8/0/0 unit 0 family inet mtu 3474


4. Enable the unframed mode.


[edit]
user@host# set interfaces e3-8/0/0 e3-options unframed


5. If you are done configuring the device, commit the configuration.


[edit]
user@host# commit


6. To verify the configuration for your device, enter the following operational command:


user@host> show interfaces e3-8/0/0 extensive


Example: Configuring the 1-Port Clear-Channel DS3/E3 GPIM for M23 Mapping Mode


IN THIS SECTION 


Requirements | 96
Overview | 96


Configuration | 96


The following example configures the GPIM in DS3 with M23 mapping mode. Note that M23 mapping 
does not provide C-bit parity. 


Requirements 


Before you begin: 


• Install the device as specified in the SRX Series Services Physical Interface Modules Hardware Guide.


Overview 


This example configures the basic T3 interface and modifies the framing to M23 mode without C-bit parity. 


Configuration 


Step-by-Step Procedure 
To configure the GPIM: 


1. Verify the installation, location, and status of the GPIM. In this example, the GPIM is installed in slot
8/PIC 0 and is currently online.


user@host> show chassis fpc pic-status


Slot 0   Online   FPC
  PIC 0  Online   4x GE Base PIC
Slot 2   Offline  FPC
Slot 5   Offline  FPC
Slot 6   Online   FPC
  PIC 0  Online   4x CT1E1 gPIM
Slot 7   Offline  FPC
Slot 8   Online   FPC
  PIC 0  Online   1x CLR CH T3/E3


2. Set the IP address for the logical interface.


[edit]
user@host# set interfaces t3-8/0/0 unit 0 family inet address 192.107.1.230/24


3. Set the MTU value to 9018.


[edit]
user@host# set interfaces t3-8/0/0 unit 0 family inet mtu 9018


4. Set the framing mode.


[edit]
user@host# set interfaces t3-8/0/0 t3-options m23


5. Disable C-bit parity for M23 mode.


[edit]
user@host# set interfaces t3-8/0/0 t3-options no-cbit-parity


6. If you are done configuring the device, commit the configuration.


[edit]
user@host# commit


7. To verify the configuration for your device, enter the following operational command:


user@host> show interfaces t3-8/0/0 extensive


CHAPTER


Configuring ADSL and SHDSL Interfaces


Configuring ADSL Interfaces | 99
Configuring G.SHDSL Interfaces | 142
VDSL2 Interfaces | 174


Configuring ADSL Interfaces


IN THIS SECTION 


ADSL Interface Overview | 99 

ADSL and SHDSL Interfaces Configuration Overview | 102 
Example: Configuring the DHCP Client on ADSL Interface | 106 
Example: Configuring the IPv6 Address on an ADSL Interface | 111 
Example: Configuring ATM-over-ADSL Network Interfaces | 114 
Example: Configuring MLPPP-over-ADSL Interfaces | 123 
Example: Configuring CHAP on DSL Interfaces | 125 


Example: Configuring ATM-over-SHDSL Network Interfaces | 134 


Asymmetric digital subscriber line (ADSL) technology helps in transporting high-bandwidth data using the 
twisted-pair telephone lines. The topics below discuss the ADSL interfaces, configuration details of ADSL 
and SHDSL interfaces, and configuration of different clients on ADSL interfaces. 


| ADSL Interface Overview 


Selected Juniper Networks security devices support DSL features including ATM-over-ADSL and 
ATM-over-SHDSL interfaces. 


NOTE: Payload loopback functionality is not supported on ATM-over-SHDSL interfaces. 


Asymmetric digital subscriber line (ADSL) technology is part of the xDSL family of modem technologies 
that use existing twisted-pair telephone lines to transport high-bandwidth data. ADSL lines connect service 
provider networks and customer sites over the "last mile" of the network—the loop between the service 
provider and the customer site. 


ADSL transmission is asymmetric because the downstream bandwidth is typically greater than the upstream 
bandwidth. The typical bandwidths of ADSL, ADSL2, and ADSL2+ circuits are defined in 
Table 14 on page 100. 


Table 14: Standard Bandwidths of DSL Operating Modes


Operating Modes    Upstream           Downstream
ADSL               800 Kbps—1 Mbps    8 Mbps
ADSL2              1—1.5 Mbps         12—14 Mbps
ADSL2+             1—1.5 Mbps         24—25 Mbps
ADSL2+ Annex M     2.5—3 Mbps         25 Mbps


ADSL, ADSL2, and ADSL2+ support the following standards:


• For Annex A:
  • ITU G.992.1 (ADSL)


• For Annex A only:
  • ANSI T1.413 Issue II
  • ITU G.992.3 (ADSL2)
  • ITU G.992.5 (ADSL2+)


• For Annex M:
  • ITU G.992.3 (ADSL2)
  • ITU G.992.5 (ADSL2+)


• For Annex B:
  • ITU G.992.1 (ADSL)
  • ITU G.992.3 (ADSL2)
  • ITU G.992.5 (ADSL2+)


• For Annex B only:
  • ETSI TS 101 388 V1.3


The ADSL Mini-PIM facilitates a maximum of 10 virtual circuits on supported security devices. 


Supported security devices with Mini-PIMs can use PPP over Ethernet over ATM (PPPoEoA) and PPP over
ATM (PPPoA) to connect through ADSL lines only.


ADSL Systems 


ADSL links run across twisted-pair telephone wires. When ADSL modems are connected to each end of 
a telephone wire, a dual-purpose ADSL circuit can be created. Once established, the circuit can transmit 
lower-frequency voice traffic and higher-frequency data traffic. 


To accommodate both types of traffic, ADSL modems are connected to plain old telephone service (POTS) 
splitters that filter out the lower-bandwidth voice traffic and the higher-bandwidth data traffic. The voice 
traffic can be directed as normal telephone voice traffic. The data traffic is directed to the ADSL modem, 
which is typically connected to the data network. 


ADSL2 and ADSL2+ 


The ADSL2 and ADSL2+ standards were adopted by the ITU in July 2002. ADSL2 improves the data rate 
and reach performance, diagnostics, standby mode, and interoperability of ADSL modems. 


ADSL2+ doubles the possible downstream data bandwidth, enabling rates of 20 Mbps on telephone lines 
shorter than 5000 feet (1.5 km). 


ADSL2 uses seamless rate adaptation (SRA) to change the data rate of a connection during operation with 
no interruptions or bit errors. The ADSL2 transceiver detects changes in channel conditions—for example, 
the failure of another transceiver in a multicarrier link—and sends a message to the transmitter to initiate 
a data rate change. The message includes data transmission parameters such as the number of bits 
modulated and the power on each channel. When the transmitter receives the information, it transitions 
to the new transmission rate. 


ATM CoS Support 


Certain class-of-service (CoS) components for Asynchronous Transmission Mode (ATM) are provided to 
control data transfer, especially for time-sensitive voice packets. The ADSL Mini-PIM on the SRX210 
device provides extended ATM CoS functionality to provide cells across the network. You can define 
bandwidth utilization, which consists of either a constant rate or a peak cell rate, with sustained cell rate 
and burst tolerance. By default, unspecified bit rate (UBR) is used because the bandwidth utilization is 
unlimited. 


The following ATM traffic shaping features are supported: 


Constant bit rate (CBR)
  CBR is the service category for traffic with rigorous timing requirements like voice and
  certain types of video. CBR traffic needs a constant cell transmission rate throughout the
  duration of the connection.


Variable bit rate non-real-time (VBR-NRT)
  VBR-NRT is intended for sources such as data transfer, which do not have strict time or
  delay requirements. VBR-NRT is suitable for packet data transfers.


Unspecified bit rate (UBR)
  UBR is ATM's best-effort service, which does not provide any CoS guarantees. This is
  suitable for noncritical applications that can tolerate or quickly adjust to loss of cells.


The ability of a network to guarantee class of service depends on the way in which the source generates 
cells and also on the availability of network resources. The connection contract between the user and the 
network thus contains information about the way in which traffic is generated by the source. 


A set of traffic descriptors is specified for this purpose. The network provides the class of service for the 
cells that do not violate these specifications. The following are the traffic descriptors specified for an ATM 
network: 


• Peak cell rate (PCR)—Top rate at which traffic can burst.
• Sustained cell rate (SCR)—Normal traffic rate averaged over time.
• Maximum burst size (MBS)—The maximum burst size that can be sent at the peak rate.
• Cell delay variation tolerance (CDVT)—Allows the user to delay the traffic for a particular time duration
  in microseconds to follow a rhythmic pattern.


For traffic that does not require the ability to periodically burst to a higher rate, you can specify a CBR. 
You can configure VBR-NRT for ATM interfaces, which supports VBR data traffic with average and peak 
traffic parameters. VBR-NRT is scheduled with a lower priority and with a larger sustained cell rate (SCR) 
limit, allowing it to recover bandwidth if it falls behind. 


On SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices, the ATM interface takes more 
than 5 minutes to come up when CPE is configured in ANSI-DMT mode and CO is configured in automode. 
This occurs only with ALU 7300 DSLAM, due to limitation in current firmware version running on the 
ADSL Mini-PIM. 


ADSL and SHDSL Interfaces Configuration Overview 


An SRX Series device with an ADSL interface supports LFI through an MLPPP. 


NOTE: Currently, Junos OS supports bundling of only one xDSL link under bundle interface. 


To support MLPPP encapsulation and the family mlppp on the ADSL interface on an SRX Series device, 
you enable an existing Junos OS CLI. 


To establish an ADSL link between network devices, you must use some intermediate connections. First,
use an RJ-11 cable to connect the CPE (for example, an SRX Series device) to a DSLAM patch panel to
form an ADSL link. Then use OC3 or DS3 to connect the DSLAM to M Series or E Series devices to form
an ATM backbone.


You can configure the following properties for the ADSL and SHDSL interfaces: 

• Physical properties 

• Logical properties 

You can configure the following physical properties for the interface: 

• ATM virtual path identifier (VPI) options for the interface—for example, at-2/0/0: 

  • ATM VPI—A number from 0 through 255—for example, 25. 

  • Operation, Maintenance, and Administration (OAM) F5 loopback cell thresholds (“liveness”) on ATM 
    virtual circuits. The range is from 1 through 255, and the default is 5 cells. 

    • Down count—Number of consecutive OAM loopback cells an ATM virtual circuit must lose to be 
      identified as unavailable—for example, 200. 

    • Up count—Number of consecutive OAM loopback cells an ATM virtual interface must receive to be 
      identified as operational—for example, 200. 

  • OAM period—Interval, in seconds, at which OAM cells are transmitted on ATM virtual circuits—for 
    example, 100. The range is from 1 through 900 seconds. 

• Configure CBR for the interface—for example, at-1/0/0. 

  • CBR—Range from 33,000 through 1,199,920 
  • CDVT—Range from 1 through 9,999 

• Configure VBR for the interface—for example, at-1/0/0. 

  • MBS—Range from 33,000 through 1,199,920 
  • CDVT—Range from 1 through 9,999 
  • PCR—Range from 33,000 through 1,199,920 
  • SCR—Range from 33,000 through 1,199,920 

• Type of DSL operating mode for the ATM-over-ADSL and ATM-over-SHDSL interfaces—for example, 
  auto: 


Annex A (used in North American network implementations) and Annex B (used in European network 
implementations) support the following operating modes: 

• auto—Configures the ADSL interface to autonegotiate settings with the DSLAM located at the central 
  office. For Annex A, the ADSL interface trains in either ANSI T1.413 Issue II mode or ITU G.992.1 
  mode. For Annex B, the ADSL interface trains in ITU G.992.1 mode. For the SHDSL interface, the line 
  rate is available only in two-wire mode and is the default value. 

• itu-dmt—Configures the ADSL interface to train in ITU G.992.1 mode. 

• 192 Kbps or higher—Speed of transmission of data on the SHDSL connection. For the SHDSL interface, 
  in the four-wire mode, the default line rate is 4,608 Kbps. 

Annex A supports the following operating modes: 

• adsl2plus—Configures the ADSL interface to train in ITU G.992.5 mode. You can configure this mode 
  only when it is supported on the DSLAM. 

• itu-dmt-bis—Configures the ADSL interface to train in ITU G.992.3 mode. You can configure this mode 
  only when it is supported on the DSLAM. 

• ansi-dmt—Configures the ADSL interface to train in the ANSI T1.413 Issue II mode. 

Annex B supports the following operating modes: 

• etsi—Configures the ADSL line to train in the ETSI TS 101 388 V1.3.1 mode. 

• itu-annexb-ur2—Configures the ADSL line to train in the G.992.1 Deutsche Telekom UR-2 mode. 

• itu-annexb-non-ur2—Configures the ADSL line to train in the G.992.1 Non-UR-2 mode. 


• Loopback option for testing the SHDSL connection integrity—for example, local loopback. 

  The following values are available: 

  • local—Used for testing the SHDSL equipment with local network devices. 

  • payload—Used to command the remote configuration to send back the received payload. 

  • remote—Used to test SHDSL with a remote network configuration. 

• Signal-to-noise ratio (SNR) margin—for example, 5 dB for either or both of the following thresholds: 

  • current—Line trains at higher than current noise margin plus SNR threshold. The range is from 0 to 
    10 dB. The default value is 0. 

  • snext—Line trains at higher than self-near-end crosstalk (SNEXT) threshold. The default value is 
    disabled. 

  Setting the SNR creates a more stable SHDSL connection by making the line train at an SNR margin higher 
  than the threshold. If any external noise below the threshold is applied to the line, the line remains stable. 
  You can also disable the SNR margin thresholds. 


• Encapsulation type—for example, ethernet-over-atm: 

  • atm-pvc—ATM permanent virtual circuits is the default encapsulation for ATM-over-ADSL and 
    ATM-over-SHDSL interfaces. 

    For PPP over ATM (PPPoA)-over-ADSL and over-SHDSL interfaces, use this type of encapsulation. 

  • ethernet-over-atm—Ethernet over ATM encapsulation. 

    For PPP over Ethernet (PPPoE) over ATM-over-ADSL and ATM-over-SHDSL interfaces that carry IPv4 
    traffic, use this type of encapsulation. 


You can configure the following logical properties for the interface: 

• Logical interface. Set a value from 0 through 16,385—for example, 3. Add other values if required by 
  your network. 

• Configure encapsulation for the ATM-for-ADSL or ATM-for-SHDSL logical unit—for example, atm-nlpid. 

  The following encapsulations are supported on the ATM-over-ADSL and ATM-over-SHDSL interfaces 
  that use inet (IP) protocols only: 

  • atm-vc-mux—Use ATM virtual circuit multiplex encapsulation. 

  • atm-nlpid—Use ATM network layer protocol identifier (NLPID) encapsulation. 

  • atm-cisco-nlpid—Use Cisco NLPID encapsulation. 

  • ether-over-atm-llc—For interfaces that carry IPv4 traffic, use Ethernet over LLC encapsulation. You 
    cannot configure multipoint interfaces if you use this type of encapsulation. 

  The following encapsulations are supported on the ATM-over-ADSL or ATM-over-SHDSL for 
  PPP-over-ATM (PPPoA) interfaces only: 

  • atm-ppp-llc—AAL5 logical link control (LLC) encapsulation. 

  • atm-ppp-vc-mux—Use AAL5 multiplex encapsulation. 

  Other encapsulation types supported on the ATM-over-ADSL and ATM-over-SHDSL interfaces are: 

  • ppp-over-ether-over-atm-llc—Use PPP over Ethernet over ATM LLC encapsulation. When you use 
    this encapsulation type, you cannot configure the interface address. Instead you configure the interface 
    address on the PPP interface. 

  • atm-snap—Use ATM subnetwork attachment point (SNAP) encapsulation. 

• OAM options for the ATM virtual circuits: 

  • OAM F5 loopback cell thresholds (“liveness”) on ATM virtual circuits. The range is from 1 through 255, 
    and the default is 5 cells. 

    • Down count—Number of consecutive OAM loopback cells an ATM virtual circuit must lose to be 
      identified as unavailable—for example, 200. 

    • Up count—Number of consecutive OAM loopback cells an ATM virtual interface must receive to be 
      identified as operational—for example, 200. 

  • OAM period—Interval, in seconds, at which OAM cells are transmitted on ATM virtual circuits—for 
    example, 100. The range is from 1 through 900 seconds. 

• Family protocol type—for example, inet. Commands vary depending on the protocol type. 

• ATM VCI options for the interface: 

  • ATM VCI type—vci 

  • ATM VCI value—A number from 0 through 4,089—for example, 35—with VCIs 0 through 31 reserved. 


| Example: Configuring the DHCP Client on ADSL Interface 


This example shows how to configure a DHCP client on an ADSL, SHDSL, or VDSL2 interface (when the VDSL2 
interface is configured to operate in ADSL fallback mode). 


Requirements 


Before you begin: 


• Review the overview section on DHCP client. See Understanding DHCP Client Operation. 

• Establish basic connectivity. See the Quick Start for your device. 

• Configure network interfaces as necessary. See “Example: Creating an Ethernet Interface” on page 208. 


Overview 


In this example, you configure the ATM interface as at-1/0/0. You then set the logical interface to unit 0 
and specify the family protocol type as inet. Finally, you configure the DHCP client. 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces at-1/0/0 encapsulation ethernet-over-atm 

set interfaces at-1/0/0 atm-options vpi 2 

set interfaces at-1/0/0 dsl-options operating-mode auto 

set interfaces at-1/0/0 unit 0 

set interfaces at-1/0/0 unit 0 encapsulation ether-over-atm-llc 
set interfaces at-1/0/0 unit 0 vci 2.122 

set interfaces at-1/0/0 unit 0 family inet 

set interfaces at-1/0/0 unit 0 family inet dhcp 


Step-by-Step Procedure 
To configure DHCP client on ADSL interfaces: 


1. Set the encapsulation mode. 


[edit] 
user@host# set interfaces at-1/0/0 encapsulation ethernet-over-atm 


2. Configure the ATM VPI option. 


[edit] 
user@host# set interfaces at-1/0/0 atm-options vpi 2 


3. Set operating mode. 


[edit] 
user@host# set interfaces at-1/0/0 dsl-options operating-mode auto 


4. Set the logical interface. 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 


5. Set the encapsulation mode for logical interface. 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 encapsulation ether-over-atm-llc 


6. Set the ATM VCI option. 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 vci 2.122 


7. Specify the family protocol type. 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 family inet 


8. Configure the DHCP client. 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 family inet dhcp 


9. Set the DHCP client identifier as an ASCII or hexadecimal value (optional): 


Use hexadecimal if the client identifier is a MAC address—for example, 00:0a:12:00:12:12. 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 family inet dhcp client-identifier 00:0a:12:00:12:12 


10. Set the DHCP lease time in seconds—for example, 86400 (24 hours). The range is 60 through 
2147483647 seconds (optional). 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 family inet dhcp lease-time 86400 


11. Define the number of attempts allowed to retransmit a DHCP packet (optional)—for example, 6. 


The range is 0 through 6. The default is 4 times. 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 family inet dhcp retransmission-attempt 6 


12. Define the interval, in seconds, allowed between retransmission attempts (optional)—for example, 5. 
The range is 4 through 64. The default is 4 seconds. 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 family inet dhcp retransmission-interval 5 


13. Set the IPv4 address of the preferred DHCP server (optional)—for example, 10.1.1.1. 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 family inet dhcp server-address 10.1.1.1 


14. Set the vendor class ID for the DHCP client (optional)—for example, ether. 


[edit] 
user@host# set interfaces at-0/0/1 unit 0 family inet dhcp vendor-id ether 


Results 


From configuration mode, confirm your configuration by entering the show interfaces at-1/0/0 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit] 
user@host# show interfaces at-1/0/0 
encapsulation ethernet-over-atm; 
atm-options { 
    vpi 2; 
} 
dsl-options { 
    operating-mode auto; 
} 
unit 0 { 
    encapsulation ether-over-atm-llc; 
    vci 2.122; 
    family inet { 
        dhcp { 
            client-identifier ascii 00:0a:12:00:12:12; 
            lease-time 86400; 
            retransmission-attempt 6; 
            retransmission-interval 5; 
            server-address 10.1.1.1; 
        } 
    } 
} 


If you are done configuring the device, enter commit from configuration mode. 
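
The value ranges this guide gives for the ATM and DHCP client options can be checked before the set commands are pasted into the CLI. The following Python sketch is an added example, not Juniper code: the names lint, PAGE_EXAMPLE, and CONSTRUCTED_BAD are hypothetical, the second sample is constructed, and the rule that a VPI used in the vci VPI.VCI form is declared under atm-options on the same interface is an assumption drawn from the examples in this guide.

```python
import re

# Inclusive ranges exactly as this page states them.
RANGES = {
    "vpi": (0, 255),
    "oam-period": (1, 900),
    "up-count": (1, 255),
    "down-count": (1, 255),
    "lease-time": (60, 2147483647),
    "retransmission-attempt": (0, 6),
    "retransmission-interval": (4, 64),
}
UNIT_RANGE = (0, 16385)
VCI_RANGE = (0, 4089)
RESERVED_VCIS = range(0, 32)  # "VCIs 0 through 31 reserved"

SET_RE = re.compile(r"^set interfaces (at-\d+/\d+/\d+)\s+(.+)$")

# The page's DHCP client configuration (range-relevant lines only).
PAGE_EXAMPLE = """\
set interfaces at-1/0/0 atm-options vpi 2
set interfaces at-1/0/0 unit 0 vci 2.122
set interfaces at-1/0/0 unit 0 family inet dhcp lease-time 86400
set interfaces at-1/0/0 unit 0 family inet dhcp retransmission-attempt 6
set interfaces at-1/0/0 unit 0 family inet dhcp retransmission-interval 5
"""

# Constructed input with one deliberate mistake on each of lines 2-6.
CONSTRUCTED_BAD = """\
set interfaces at-1/0/0 atm-options vpi 2
set interfaces at-1/0/0 atm-options vpi 2 oam-period 1200
set interfaces at-1/0/0 unit 0 vci 3.122
set interfaces at-1/0/0 unit 1 vci 2.20
set interfaces at-1/0/0 unit 0 family inet dhcp lease-time 30
set interfaces at-1/0/0 unit 0 family inet dhcp retransmission-interval 2
"""


def in_range(value, bounds):
    return bounds[0] <= value <= bounds[1]


def lint(config_text):
    """Return sorted (line_number, message) findings for at- `set` lines."""
    findings = []
    declared_vpis = {}  # interface -> VPIs declared under atm-options
    vci_refs = []       # (line_number, interface, vpi) from "vci VPI.VCI"

    for number, raw in enumerate(config_text.splitlines(), start=1):
        match = SET_RE.match(raw.strip())
        if not match:
            continue
        interface, rest = match.groups()
        tokens = rest.split()
        for index in range(len(tokens) - 1):
            keyword, value = tokens[index], tokens[index + 1]
            if keyword in RANGES and value.isdigit():
                if not in_range(int(value), RANGES[keyword]):
                    low, high = RANGES[keyword]
                    findings.append((number, f"{keyword} {value} outside {low}-{high}"))
                if keyword == "vpi" and "atm-options" in tokens[:index]:
                    declared_vpis.setdefault(interface, set()).add(int(value))
            elif keyword == "unit" and value.isdigit():
                if not in_range(int(value), UNIT_RANGE):
                    findings.append((number, f"unit {value} outside 0-16385"))
            elif keyword == "vci":
                vpi_part, _, vci_part = value.rpartition(".")
                if not vci_part.isdigit() or (vpi_part and not vpi_part.isdigit()):
                    findings.append((number, f"vci {value} is neither VCI nor VPI.VCI"))
                    continue
                if not in_range(int(vci_part), VCI_RANGE):
                    findings.append((number, f"vci {vci_part} outside 0-4089"))
                elif int(vci_part) in RESERVED_VCIS:
                    findings.append((number, f"vci {vci_part} is reserved (0-31)"))
                if vpi_part:
                    vci_refs.append((number, interface, int(vpi_part)))

    # Assumption: a VPI used in "vci VPI.VCI" is declared under atm-options
    # on the same interface, as every example on this page does.
    for number, interface, vpi in vci_refs:
        if vpi not in declared_vpis.get(interface, set()):
            findings.append((number, f"vpi {vpi} not declared under atm-options on {interface}"))
    return sorted(findings)


if __name__ == "__main__":
    for number, message in lint(CONSTRUCTED_BAD):
        print(f"line {number}: {message}")
```
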


Verification 




Confirm that the configuration is working properly. 


Verifying the DHCP Configuration 


Purpose 
Verify that the DHCP options are configured properly. 


Action 


Verify the DHCP configuration by using the run show system services dhcp client command. 


user@host# run show system services dhcp client 


Logical Interface name          at-1/0/0.0 
        Hardware address        WOs ws ilZA seals Wilks 33 
        Client status           bound 
        Address obtained        10.40.1.2 
        Update server           disabled 
        Lease obtained at       Z2QLL=—O5=-O03 O4858e10 Pie 
        Lease expires at        ZAQLI-O5-04 O4gSsei10) wip 

DHCP options: 
    Name: server-identifier, Value: 10.40.1.1 
    Code: 1, Type: ip-address, Value: 255.255.255.0 
    Name: name-server, Value: [ 192.168.5.68, 192.168.60.131, 
    LIZA e293, 101 | 
    Name: domain-name, Value: englab.juniper.net 
    LID od Ie B8o LOO, 


Verify Interface Status 


Purpose 


Verify the interface status and check traffic statistics. 


Action 
Verify the interface status by using the show interfaces terse command, and test end-to-end data path 
connectivity by sending ping packets to the remote end IP address. 


user@host# run show interfaces at-1/0/0 terse 


Interface               Admin Link Proto    Local                 Remote 
at-1/0/0                up    up 
at-1/0/0.0              up    up   inet     10.40.1.2/24 
at-1/0/0.32767          up    up 


user@host# run ping 10.40.1.1 count 100 rapid 


PING 10.40.1.1 (10.40.1.1): 56 data bytes 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
--- 10.40.1.1 ping statistics --- 
100 packets transmitted, 100 packets received, 0% packet loss 
round-trip min/avg/max/stddev = 20.086/26.404/61.723/6.194 ms 




| Example: Configuring the IPv6 Address on an ADSL Interface 




This example shows how to configure the IPv6 address on an ADSL interface. 


Requirements 


Before you begin, configure network interfaces as necessary. See “Understanding Ethernet Interfaces” on 
page 203. 


Overview 


In this example, you specify the following configuration parameters: 


• Encapsulation type: Ethernet over ATM on DSL logical interface 

• ATM virtual path identifier (VPI): 2 

• Encapsulation type for the ATM-for-ADSL logical unit: Ethernet over ATM LLC 

• ATM virtual channel (VCI): 2.118 

• IPv6 address and prefix: 13:13::1/64 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following commands, paste them into a text file, remove any 
line breaks, change any details necessary to match your network configuration, copy and paste the 
commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces at-1/0/0 encapsulation ethernet-over-atm 

set interfaces at-1/0/0 atm-options vpi 2 

set interfaces at-1/0/0 unit 0 encapsulation ether-over-atm-llc 
set interfaces at-1/0/0 unit 0 vci 2.118 

set interfaces at-1/0/0 unit 0 family inet6 address 13:13::1/64 


Step-by-Step Procedure 


To configure the IPv6 address on an ADSL interface: 


1. Configure the encapsulation type. 


[edit] 
user@host# set interfaces at-1/0/0 encapsulation ethernet-over-atm 


2. Specify the annex type. 


[edit] 
user@host# set interfaces at-1/0/0 atm-options vpi 2 


3. Configure the encapsulation for the logical unit. 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 encapsulation ether-over-atm-llc 


4. Configure the VCI value. 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 vci 2.118 


5. Configure family protocol type and assign an IPv6 address. 


[edit] 
user@host# set interfaces at-1/0/0 unit 0 family inet6 address 13:13::1/64 


Results 


From configuration mode, confirm your configuration by entering the show interfaces at-1/0/0 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit] 
user@host# show interfaces at-1/0/0 
encapsulation ethernet-over-atm; 
atm-options { 
    vpi 2; 
} 
unit 0 { 
    encapsulation ether-over-atm-llc; 
    vci 2.118; 
    family inet6 { 
        address 13:13::1/64; 
    } 
} 


If you are done configuring the device, enter commit from configuration mode. 


Verification 


Confirm that the configuration is working properly. 


Verifying ADSL Interface Properties 


Purpose 


Verify that the ADSL interface properties are configured properly. 


Action 


From operational mode, enter the show ipv6 neighbors command. The output shows a summary of interface 
information. 


user@host> show ipv6 neighbors 








IPv6 Address Linklayer Address State Exp Rtr Secure Interface 
Oh 582 00:00:0a:00:00:00 reachable ala; yes no reth0.0 
ALS She eal Ole) SBE Gg Hog Gills is) stale 1197 yes no aie /0/ 0 .© 
IDZIDQs 3B 00:19:e2:4b:61:83 stale 1188 yes no aie=3/0/ 0.0 


Meaning 


The IPv6 Address field displays the configured IPv6 address on the interface. 


SEE ALSO 


Configuring the inet6 IPv6 Protocol Family 
show ipv6 neighbors 
clear ipv6 neighbors 


This example shows how to configure ATM-over-ADSL network interfaces for the devices. 


Requirements 


Before you begin: 


• Configure network interfaces as necessary. See “Understanding Ethernet Interfaces” on page 203. 

• Configure PPPoE encapsulation on an Ethernet interface or on an ATM-over-ADSL interface. See 
  “Understanding Point-to-Point Protocol over Ethernet” on page 343. 


Overview 


This example shows how to use devices with ADSL Annex A or Annex B PIMs to send network traffic 
through a point-to-point connection to a DSLAM. Within the example, you set the DSL operating mode 
type to auto so that the ADSL interface will autonegotiate settings with the DSLAM. 


The example shows how to create an ATM interface called at-2/0/0. The values for the interface’s physical 
properties are kept relatively low—the ATM VPI is set to 25; both the OAM down count and up count are 
set to 200 cells; the OAM period is set to 100 seconds. 


The example also shows how to set traffic shaping values on the ATM interface to support CoS. CBR is 
enabled in order to stabilize the cell transmission rate throughout the duration of the connection. 
Additionally, the VBR peak is set to 33,000 for data packet transfers. 


Within the example, you set the encapsulation mode to ethernet-over-atm to support PPP over Ethernet 
IPv4 traffic. You also configure a logical interface (unit 3). The logical interface uses ATM NLPID 
encapsulation. As with the physical interface, the OAM down count and up count are set to 200 cells on 
the logical interface and the OAM period is set to 100 seconds. The family protocol is set to inet and the 
VCI is set to 35. 


NOTE: On SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices, the ATM 
interface takes more than 5 minutes to come up when the CPE is configured in ANSI-DMT mode 
and the CO is configured in auto mode. This occurs only with the ALU 7300 DSLAM, due to a limitation 
in the current firmware version running on the ADSL Mini-PIM. 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces at-2/0/0 atm-options vpi 25 oam-liveness up-count 200 down-count 200 

set interfaces at-2/0/0 atm-options vpi 25 oam-period 100 

set interfaces at-1/0/0 unit 0 shaping cbr 

set interfaces at-1/0/0 unit 0 shaping vbr peak 33000 

set interfaces at-1/0/0 dsl-options operating-mode auto 

set interfaces at-1/0/0 encapsulation ethernet-over-atm 

set interfaces at-1/0/0 unit 3 encapsulation atm-nlpid oam-liveness up-count 200 down-count 200 
set interfaces at-1/0/0 unit 3 oam-period 100 

set interfaces at-1/0/0 unit 3 family inet 

set interfaces at-1/0/0 unit 3 vci 35 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure ATM-over-ADSL network interfaces for the devices: 
1. Create an ATM interface. 


[edit] 
user@host# edit interfaces at-2/0/0 


2. Configure the physical properties for the ATM interface. 


[edit interfaces at-2/0/0] 

user@host# set atm-options vpi 25 

user@host# set atm-options vpi 25 oam-liveness up-count 200 down-count 200 
user@host# set atm-options vpi 25 oam-period 100 


3. Specify the CBR value and VBR value for the Ethernet interface. 


[edit] 

user@host# edit interfaces at-1/0/0 unit 0 
user@host# set shaping cbr 

user@host# set shaping vbr peak 33000 


4. Set the DSL operating mode type. 


[edit interfaces at-1/0/0.0] 
user@host# set dsl-options operating-mode auto 


5. Configure the encapsulation type. 


[edit interfaces at-1/0/0] 
user@host# set encapsulation ethernet-over-atm 


6. Configure the encapsulation for the logical unit. 


[edit interfaces at-1/0/0 unit 3] 
user@host# set encapsulation atm-nlpid 


7. Configure the OAM liveness values for an ATM virtual circuit. 


[edit interfaces at-1/0/0 unit 3] 
user@host# set oam-liveness up-count 200 down-count 200 


8. Specify the OAM period. 


[edit interfaces at-1/0/0 unit 3] 
user@host# set oam-period 100 


9. Set the family protocol type. 


[edit interfaces at-1/0/0 unit 3] 
user@host# set family inet 


10. Configure the VCI value. 


[edit interfaces at-1/0/0 unit 3] 
user@host# set vci 35 


Results 


From configuration mode, confirm your configuration by entering the show interfaces at-1/0/0 and show 
interfaces at-2/0/0 commands. If the output does not display the intended configuration, repeat the 
configuration instructions in this example to correct it. 


[edit] 
user@host# show interfaces at-1/0/0 
encapsulation ethernet-over-atm; 
dsl-options { 
    operating-mode auto; 
} 
unit 0 { 
    shaping { 
        vbr peak 33k; 
        burst 
    } 
} 
unit 3 { 
    encapsulation atm-nlpid; 
    vci 35; 
    oam-period 100; 
    oam-liveness { 
        up-count 200; 
        down-count 200; 
    } 
    family inet; 
} 
[edit] 
user@host# show interfaces at-2/0/0 
atm-options { 
    vpi 25 { 
        oam-period 100; 
        oam-liveness { 
            up-count 200; 
            down-count 200; 
        } 
    } 
} 


If you are done configuring the device, enter commit from configuration mode. 


Verification 




Confirm that the configuration is working properly. 


Verifying the ADSL Interface Properties 


Purpose 


Verify that the interface properties are correct. 


Action 


From operational mode, enter the show interfaces at-1/0/0 extensive command. 


user@host> show interfaces at-1/0/0 extensive 


Physical interface: at-1/0/0, Enabled, Physical link is Up 
  Interface index: 141, SNMP ifIndex: 49, Generation: 142 
  Link-level type: ATM-PVC, MTU: 4482, Clocking: Internal, ADSL mode, 
  Speed: ADSL, Loopback: None 
  Device flags   : Present Running 
  Link flags     : None 
  CoS queues     : 8 supported, 8 maximum usable queues 
  Hold-times     : Up 0 ms, Down 0 ms 
  Current address: Sm OWr US scioiiC orp mile 
  Last flapped   : ZO0S—O6=26 2ssilis0s wor (OlLetils so age) 
  Statistics last cleared: Never 
  Traffic statistics: 
    Input bytes    :                    0                    0 bps 
    Output bytes   :                    0                    0 bps 
    Input packets  :                    0                    0 pps 
    Output packets :                    0                    0 pps 
  Input errors: 
    Errors: 0, Drops: 0, Invalid VCs: 0, Framing errors: 0, Policed discards: 0, 
    L3 incompletes: 0, L2 channelerrors: 0, L2 mismatch timeouts: 0, 
    Resource errors: 0 
  Output errors: 
    Carrier transitions: 3, Errors: 0, Drops: 0, Aged packets: 0, MTU errors: 0, 
    Resource errors: 0 
  ADSL alarms   : None 
  ADSL defects  : None 
  ADSL media:            Seconds        Count  State 
    LOF                        1            1  OK 
    LOS                        1            1  OK 
    LOM                        0            0  OK 
    LOP                        0            0  OK 
    LOCDI                      0            0  OK 
    LOCDNI                     0            0  OK 
  ADSL status: 
    Modem status  : Showtime (Adsl2plus) 
    DSL mode      : Auto    Annex A 
    Last fail code: None 
    Subfunction   : 0x00 
    Seconds in showtime : 6093 
  ADSL Chipset Information:          ATU-R                ATU-C 
    Vendor Country :                  0x0f                 0xb5 
    Vendor ID      :                  STMI                 IFTN 
    Vendor Specific:                0x0000               0x70de 
  ADSL Statistics:                   ATU-R                ATU-C 
    Attenuation (dB)   :               0.0                  0.0 
    Capacity used(%)   :               100                   92 
    Noise margin (dB)  :                V5                  9.0 
    Output power (dBm) :              10.0                 12.5 
                          Interleave     Fast  Interleave     Fast 
    Bit rate (kbps)    :           0    24465           0     1016 
    CRC                :           0        0           0        0 
    FEC                :           0        0           0        0 
    HEC                :           0        0           0        0 
    Received cells     :           0       49 
    Transmitted cells  :           0        0 
  ATM status: 
    HCS state:      Hunt 
    LOC      :      OK 
  ATM Statistics: 
    Uncorrectable HCS errors: 0, Correctable HCS errors: 0, Tx cell FIFO overruns: 0, 
    Rx cell FIFO overruns: 0, Rx cell FIFO underruns: 0, 
    Input cell count: 49, Output cell count: 0, Output idle cell count: 0, Output 
    VC queue drops: 0, Input no buffers: 0, Input length errors: 0, 
    Input timeouts: 0, Input invalid VCs: 0, Input bad CRCs: 0, Input OAM cell no 
    buffers: 0 
  Packet Forwarding Engine configuration: 
    Destination slot: 1 
  Direction : Output 
  CoS transmit queue         Bandwidth         Buffer  Priority  Limit 
                             %          bps      usec 
  0 best-effort             95      7600000         0  low       none 
  3 network-control          5       400000         0  low       none 

The TI chipset on the ADSL Mini-PIM does not send ADSL chipset information. Also, the ADSL Mini-PIM 
does not send any alarms, so alarm statistics cannot be shown for the Mini-PIM. The following information 
is therefore not displayed in the Mini-PIM case: 


  ADSL alarms   : None 
  ADSL defects  : None 
  ADSL media:            Seconds        Count  State 
    LOF                        1            1  OK 
    LOS                        1            1  OK 
    LOM                        0            0  OK 
    LOP                        0            0  OK 
    LOCDI                      0            0  OK 
    LOCDNI                     0            0  OK 
  ADSL Chipset Information:          ATU-R                ATU-C 
    Vendor Country :                  0x0f                 0xb5 
    Vendor ID      :                  STMI                 IFTN 
    Vendor Specific:                0x0000               0x70de 

The output shows a summary of interface information. Verify the following information: 


• The physical interface is enabled. If the interface is shown as disabled, do either of the following: 

  • In the CLI, delete the disable statement at the [edit interfaces interface-name] level of the configuration 
    hierarchy. 

  • In J-Web, clear the Disable check box on the Interfaces page (Interfaces>interface-name). 

• The physical link is up. A link state of down indicates a problem with the interface module, interface 
  port, or physical connection (link-layer errors). 

• The last flapped time is an expected value. It indicates the last time the physical interface became 
  unavailable and then available again. Unexpected flapping indicates likely link-layer errors. 

• The traffic statistics reflect expected input and output rates. Verify that the number of inbound and 
  outbound bytes and packets matches expected throughput for the physical interface. To clear the 
  statistics and see only new changes, use the clear interfaces statistics interface-name command. 

• No ADSL alarms and defects appear that can render the interface unable to pass packets. When a defect 
  persists for a certain amount of time, it is promoted to an alarm. The following are ADSL-specific alarms: 

  • LOCDI—Loss of cell delineation for interleaved channel. 

  • LOCDNI—Loss of cell delineation for noninterleaved channel. 

  • LOF—Loss of frame. 

  • LOM—Loss of multiframe. 

  • LOP—Loss of power. 

  • LOS—Loss of signal. 


Examine the operational statistics for an ADSL interface. Statistics in the ATU-R (ADSL transceiver 
unit-remote) column are for the near end. Statistics in the ATU-C (ADSL transceiver unit-central office) 
column are for the far end. 

• Attenuation (dB)—Reduction in signal strength. 

• Capacity used (%)—Amount of ADSL usage. 

• Noise margin (dB)—Maximum extraneous signal allowed without causing the output to deviate from an 
  acceptable level. 

• Output power (dBm)—Amount of power used by the ADSL interface. 

• Bit rate (kbps)—Data transfer speed on the ADSL interface. 


Verifying a PPPoA Configuration for an ATM-over-ADSL Interface 


Purpose 


Verify that the PPPoA configuration for an ATM-over-ADSL interface is correct. 


Action 


From operational mode, enter the show interfaces at-1/0/0 and the show access commands. 


| Example: Configuring MLPPP-over-ADSL Interfaces 




This example shows how to configure MLPPP on an ADSL interface. 


Requirements 


Before you begin, configure network interfaces as necessary. See “Understanding Ethernet Interfaces” on 
page 203. 


Overview 


In this example, you set the encapsulation as atm-mlppp-llc for the interface at-5/0/0. You then configure 
the family MLPPP bundle as lsq-0/0/0.1. 


Figure 7 on page 123 shows a typical example of MLPPP-over-ADSL end-to-end connectivity. 


Figure 7: MLPPP-over-ADSL Interface 

[Figure labels: J Series Device, Patch Panel, DSLAM, Broadband-Remote-Access-Server; ADSL Link; ATM Backbone (OC3/DS3)] 


Configuration 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure MLPPP on an ADSL interface: 


1. Configure an interface. 


[edit] 
user@host# edit interfaces at-5/0/0 unit 0 


2. Set the MLPPP encapsulation. 


[edit interfaces at-5/0/0 unit 0] 
user@host# set encapsulation atm-mlppp-llc 


3. Specify the family MLPPP. 


[edit interfaces at-5/0/0 unit 0] 
user@host# set family mlppp bundle lsq-0/0/0.1 


4. If you are done configuring the device, commit the configuration. 


[edit] 


user@host# commit 


Verification 


To verify the configuration is working properly, enter the show interfaces at-5/0/0 command. 


| Example: Configuring CHAP on DSL Interfaces 




This example shows how to configure CHAP on either the ATM-over-ADSL or the ATM-over-SHDSL 
interface. 


Requirements 


Before you begin, configure network interfaces as necessary. See “Understanding Ethernet Interfaces” on 
page 203. 


Overview 


In this example, you specify the CHAP access profile and create an interface called at-3/0/0. You configure 
CHAP on either the ATM-over-ADSL or the ATM-over-SHDSL interface and specify a unique profile name 
called A-ppp-client containing a client list and access parameters. You then specify a unique hostname 
called A-at-3/0/0.0 to be used in CHAP. Finally, you set the passive option to handle incoming CHAP 
packets. 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set access profile A-ppp-client client client1 chap-secret my-secret 
set interfaces at-3/0/0 unit 0 ppp-options chap access-profile A-ppp-client local-name A-at-3/0/0.0 passive 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure CHAP on either the ATM-over-ADSL or the ATM-over-SHDSL interface: 


1. Define a CHAP access profile. 

[edit] 

user@host# set access profile A-ppp-client client client1 chap-secret my-secret 
2. Create an interface. 

[edit] 

user@host# edit interfaces at-3/0/0 unit 0 
3. Configure CHAP and specify a unique profile name. 


[edit interfaces at-3/0/0 unit 0] 
user@host# set ppp-options chap access-profile A-ppp-client 


4. Specify a unique hostname. 


[edit interfaces at-3/0/0 unit 0] 
user@host# set ppp-options chap local-name A-at-3/0/0.0 


5. Set the option to handle incoming CHAP packets only. 


[edit interfaces at-3/0/0 unit 0] 
user@host# set ppp-options chap passive 


Results 

From configuration mode, confirm your configuration by entering the show access profile A-ppp-client 
and show interfaces at-3/0/0 commands. If the output does not display the intended configuration, repeat 
the configuration instructions in this example to correct it. 


[edit] 
user@host# show access profile A-ppp-client 
client client1 chap-secret "$9$ikPQtu1SreOBcIMW-dk.P5QnApB"; ## SECRET-DATA 
[edit] 
user@host# show interfaces at-3/0/0 
unit 0 { 
    ppp-options { 
        chap { 
            access-profile A-ppp-client; 
            local-name A-at-3/0/0.0; 
            passive; 
        } 
    } 
} 


If you are done configuring the device, enter commit from configuration mode. 


Verification 




Confirm that the configuration is working properly. 


Verifying ADSL Interface Properties 


Purpose 


Verify that the ADSL interface properties are enabled. 


Action 


From operational mode, enter the show interfaces at-3/0/0 extensive command. 


user@host> show interfaces at-3/0/0 extensive 


Physical interface: at-3/0/0, Enabled, Physical link is Up
  Interface index: 141, SNMP ifIndex: 49, Generation: 142
  Link-level type: ATM-PVC, MTU: 4482, Clocking: Internal, ADSL mode,
  Speed: ADSL, Loopback: None
  Device flags   : Present Running
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: ...
  Last flapped   : ...
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :    ...    0 bps
   Output bytes  :    ...    0 bps
   Input  packets:    ...    0 pps
   Output packets:    ...    0 pps
  Input errors:
    Errors: 0, Drops: 0, Invalid VCs: 0, Framing errors: 0, Policed discards: 0,
    L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
    Resource errors: 0
  Output errors:
    Carrier transitions: 3, Errors: 0, Drops: 0, Aged packets: 0, MTU errors: 0,
    Resource errors: 0
  ADSL alarms   : None
  ADSL defects  : None
  ADSL media:            Seconds        Count  State
    LOF                        1            1  OK
    LOS                        1            1  OK
    LOM                        0            0  OK
    LOP                        0            0  OK
    LOCDI                      0            0  OK
    LOCDNI                     0            0  OK
  ADSL status:
    Modem status  : Showtime (Adsl2plus)
    DSL mode      : Auto Annex A
    Last fail code: None
    Subfunction   : 0x00
    Seconds in showtime : 6093
  ADSL Chipset Information:          ATU-R        ATU-C
    Vendor Country :                  0x0f         0xb5
    Vendor ID      :                  STMI         IFIN
    Vendor Specific:                0x0000       0x70de
  ADSL Statistics:                   ATU-R        ATU-C
    Attenuation (dB)   :               0.0          0.0
    Capacity used(%)   :               100           92
    Noise margin (dB)  :               ...          ...
    Output power (dBm) :              10.0         12.5
                         Interleave     Fast  Interleave     Fast
    Bit rate (kbps)    :          0    24465           0     1016
    ...
    Received cells     :          0       49
    Transmitted cells  :          0        0
  ATM status:
    HCS state: Hunt
    LOC      : OK
  ATM Statistics:
    Uncorrectable HCS errors: 0, Correctable HCS errors: 0, Tx cell FIFO overruns: 0,
    Rx cell FIFO overruns: 0, Rx cell FIFO underruns: 0,
    Input cell count: 49, Output cell count: 0, Output idle cell count: 0,
    Output VC queue drops: 0, Input no buffers: 0, Input length errors: 0,
    Input timeouts: 0, Input invalid VCs: 0, Input bad CRCs: 0, Input OAM cell no
    buffers: 0
  Packet Forwarding Engine configuration:
    Destination slot: ...
  Direction : Output
  CoS transmit queue        Bandwidth          Buffer    Priority   Limit
                            %       bps        %   usec
  0 best-effort            95   7600000       95      0  low        none
  3 network-control         5    400000        5      0  low        none

For the ADSL Mini-PIM, the TI chipset does not send ADSL chipset information, and the ADSL Mini-PIM
does not send any alarms, so alarm statistics cannot be shown for the Mini-PIM. The following
information is therefore not displayed in the Mini-PIM case:

  ADSL alarms   : None
  ADSL defects  : None
  ADSL media:            Seconds        Count  State
    LOF                        1            1  OK
    LOS                        1            1  OK
    LOM                        0            0  OK
    LOP                        0            0  OK
    LOCDI                      0            0  OK
    LOCDNI                     0            0  OK
  ADSL Chipset Information:          ATU-R        ATU-C
    Vendor Country :                  0x0f         0xb5
    Vendor ID      :                  STMI         IFIN
    Vendor Specific:                0x0000       0x70de


The output shows a summary of interface information. Verify the following information: 


• The physical interface is Enabled. If the interface is shown as Disabled, do either of the following:

  • In the CLI configuration editor, delete the disable statement at the [edit interfaces interface-name]
    level of the configuration hierarchy.

  • In the J-Web configuration editor, clear the Disable check box on the Interfaces page
    (Interfaces>interface-name).

• The physical link is up. A link state of Down indicates a problem with the interface module, interface
  port, or physical connection (link-layer errors).

• The last flapped time is an expected value. It indicates the last time the physical interface became
  unavailable and then available again. Unexpected flapping indicates likely link-layer errors.

• The traffic statistics reflect expected input and output rates. Verify that the number of inbound and
  outbound bytes and packets matches expected throughput for the physical interface. To clear the
  statistics and see only new changes, use the clear interfaces statistics interface-name command.

• No ADSL alarms and defects appear that can render the interface unable to pass packets. When a defect
  persists for a certain amount of time, it is promoted to an alarm. The following are ADSL-specific alarms:

  • LOCDI—Loss of cell delineation for interleaved channel
  • LOCDNI—Loss of cell delineation for noninterleaved channel
  • LOF—Loss of frame
  • LOM—Loss of multiframe
  • LOP—Loss of power
  • LOS—Loss of signal

Examine the operational statistics for an ADSL interface. Statistics in the ATU-R (ADSL transceiver
unit-remote) column are for the near end. Statistics in the ATU-C (ADSL transceiver unit-central office)
column are for the far end.

• Attenuation (dB)—Reduction in signal strength measured in decibels.

• Capacity used (%)—Amount of ADSL usage in %.

• Noise margin (dB)—Maximum extraneous signal allowed without causing the output to deviate from an
  acceptable level.

• Output power (dBm)—Amount of power used by the ADSL interface.

• Bit rate (kbps)—Data transfer speed on the ADSL interface.


Verifying a PPPoA Configuration for an ATM-over-ADSL Interface 


Purpose 


Verify that the PPPoA configuration for an ATM-over-ADSL interface is correct. 


Action 


From operational mode, enter the show interfaces at-3/0/0 and the show access commands. 


Verifying an ATM-over-SHDSL Configuration 


Purpose 


Verify that the interface properties are correct. 


Action 


From operational mode, enter the show interfaces at-3/0/0 extensive command. 


user@host> show interfaces at-3/0/0 extensive 


Physical interface: at-3/0/0, Enabled, Physical link is Up
  Interface index: 141, SNMP ifIndex: 23, Generation: 48
  Link-level type: ATM-PVC, MTU: 4482, Clocking: Internal, ADSL mode, Speed: ADSL,
  Loopback: None
  Device flags   : Present Running
  Link flags     : None
  CoS queues     : 8 supported
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: ...
  Last flapped   : 2005-05-16 05:54:41 PDT (00:41:42 ago)
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :     4520    0 bps
   Output bytes  :    39250    0 bps
   Input  packets:      ...    0 pps
   Output packets:     1309    0 pps
  Input errors:
    Errors: 0, Drops: 0, Invalid VCs: 0, Framing errors: 0, Policed discards: 0,
    L3 incompletes: 0, L2 channel errors: 1, L2 mismatch timeouts: 0, Resource
    errors: 0
  Output errors:
    Carrier transitions: 3, Errors: 0, Drops: 0, Aged packets: 0, MTU errors: 0,
    Resource errors: 0
  Queue counters:     Queued packets  Transmitted packets  Dropped packets
    0 best-effort                  4                    4                0
    1 expedited-fo                 0                    0                0
    2 assured-forw                 0                    0                0
    3 network-cont              2340                 2340                0
  SHDSL alarms   : None
  SHDSL defects  : None
  SHDSL media:            Seconds        Count  State
    LOSD                   239206            2  OK
    LOSW                   239208            1  OK
    ES                          3            1  OK
    SES                         0            0  OK
    UAS                         3          ...  OK
  SHDSL status:
    Line termination :STU-R
    Annex            :Annex B
    Line Mode        :2-wire
    Modem Status     :Data
    Last fail code   :0
    Framer mode      :ATM
    Dying Gasp       :Enabled
    Chipset version  :1
    Firmware version :R3.0
  SHDSL Statistics:
    Loop Attenuation (dB) :0.600
    Transmit power (dB)   :...
    Receiver gain (dB)    :21.420
    SNR sampling (dB)     :39.5690
    Bit rate (kbps)       :2304
    Bit error rate        :0
    CRC errors            :0
    SEGA errors           :1
    LOSW errors           :0
    Received cells        :...
    Transmitted cells     :...
    HEC errors            :0
    Cell drop             :0


The output shows a summary of interface information. Verify the following information: 

• The physical interface is enabled. If the interface is shown as disabled, do either of the following:

  • In the CLI configuration editor, delete the disable statement at the [edit interfaces interface-name]
    level of the configuration hierarchy.

  • In the J-Web configuration editor, clear the Disable check box on the Interfaces page
    (Interfaces>interface-name).

• The physical link is up. A link state of down indicates a problem with the interface module, interface
  port, or physical connection (link-layer errors).

• The last flapped time is an expected value. It indicates the last time the physical interface became
  unavailable and then available again. Unexpected flapping indicates likely link-layer errors.

• The traffic statistics reflect expected input and output rates. Verify that the number of inbound and
  outbound bytes and packets matches expected throughput for the physical interface. To clear the
  statistics and see only new changes, use the clear interfaces statistics interface-name command.

• No SHDSL alarms and defects appear that can render the interface unable to pass packets. When a
  defect persists for a certain amount of time, it is promoted to an alarm.

  • LOS—Loss of signal. No signal was detected on the line.
  • LOSW—Loss of sync word. A message ID was sent.
  • Power status—A power failure has occurred.
  • LOSD—Loss of signal was detected at the remote application interface.
  • ES—Errored seconds. One or more cyclic redundancy check (CRC) anomalies were detected.
  • SES—Severely errored seconds. At least 50 CRC anomalies were detected.
  • UAS—Unavailable seconds. An interval has occurred during which one or more LOSW defects were
    detected.

Examine the SHDSL interface status:

• Line termination—SHDSL transceiver unit-remote (STU-R). (Only customer premises equipment is
  supported.)

• Annex—Either Annex A or Annex B. Annex A is supported in North America, and Annex B is supported
  in Europe.

• Line mode—SHDSL mode configured on the G.SHDSL interface pair, either two-wire or four-wire.

• Modem Status—Data. Sending or receiving data.

• Last fail code—Code for the last interface failure.

• Framer mode—Framer mode of the underlying interface: ATM.

• Dying gasp—Ability of a device that has lost power to send a message informing the attached DSL access
  multiplexer (DSLAM) that it is about to go offline.

• Chipset version—Version number of the chipset on the interface.

• Firmware version—Version number of the firmware on the interface.

Examine the operational statistics for a SHDSL interface.

• Loop attenuation (dB)—Reduction in signal strength measured in decibels.

• Transmit power (dB)—Amount of SHDSL usage in %.

• Receiver gain (dB)—Maximum extraneous signal allowed without causing the output to deviate from an
  acceptable level.

• SNR sampling (dB)—Signal-to-noise ratio at a receiver point in decibels.

• Bit rate (kbps)—Data transfer speed on the SHDSL interface.

• CRC errors—Number of cyclic redundancy check errors.

• SEGA errors—Number of segment anomaly errors. A regenerator operating on a segment received
  corrupted data.

• LOSW errors—Number of loss of signal defect errors. Three or more consecutively received frames
  contained one or more errors in the framing bits.

• Received cells—Number of cells received through the interface.

• Transmitted cells—Number of cells sent through the interface.

• HEC errors—Number of header error checksum errors.

• Cell drop—Number of dropped cells on the interface.


| Example: Configuring ATM-over-SHDSL Network Interfaces 


IN THIS SECTION

Requirements
Overview
Configuration
Verification


This example shows how to configure ATM-over-SHDSL network interfaces. 




Requirements 


Before you begin: 


• Configure network interfaces as necessary. See “Understanding Ethernet Interfaces” on page 203.

• Configure PPPoE encapsulation on an Ethernet interface or on an ATM-over-ADSL interface. See
  “Understanding Point-to-Point Protocol over Ethernet” on page 343.


Overview 


In this example, you set the ATM-over-SHDSL mode on the G.SHDSL interface, if required. You create an 
interface called at-2/0/0 and configure the physical properties for the interface. You configure the 
encapsulation type and annex type. You specify the SHDSL line rate for the ATM-over-SHDSL interface 
and the loopback address for testing the SHDSL connection integrity. Then you configure the SNR margin, 
set the logical interface, and configure the encapsulation for the ATM-over-SHDSL logical unit. 


Additionally, you configure the OAM liveness values for an ATM virtual circuit and set the OAM period.
Finally, you add the family protocol type inet and configure the VCI value.


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set chassis fpc 6 pic 0 shdsl pic-mode 1-port-atm
set interfaces at-2/0/0 atm-options vpi 25 oam-liveness up-count 200 down-count 200
set interfaces at-2/0/0 atm-options vpi 25 oam-period 100
set interfaces at-2/0/0 encapsulation ethernet-over-atm shdsl-options annex annex-a
set interfaces at-2/0/0 encapsulation ethernet-over-atm shdsl-options line-rate auto
set interfaces at-2/0/0 encapsulation ethernet-over-atm shdsl-options loopback local
set interfaces at-2/0/0 encapsulation ethernet-over-atm shdsl-options snr-margin current 5 snext 5
set interfaces at-2/0/0 unit 3 encapsulation atm-nlpid
set interfaces at-2/0/0 unit 3 oam-liveness up-count 200 down-count 200
set interfaces at-2/0/0 unit 3 oam-period 100
set interfaces at-2/0/0 unit 3 family inet
set interfaces at-2/0/0 unit 3 vci 35


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide. 


To configure ATM-over-SHDSL network interfaces for the device: 


1. Set the ATM-over-SHDSL mode on the G.SHDSL interface.

[edit]
user@host# set chassis fpc 6 pic 0 shdsl pic-mode 1-port-atm

2. Create an interface.

[edit]
user@host# edit interfaces at-2/0/0

3. Configure the physical properties for the interface.

[edit interfaces at-2/0/0]
user@host# set atm-options vpi 25
user@host# set atm-options vpi 25 oam-liveness up-count 200 down-count 200
user@host# set atm-options vpi 25 oam-period 100

4. Configure the encapsulation type.

[edit interfaces at-2/0/0]
user@host# set encapsulation ethernet-over-atm

5. Set the annex type.

[edit]
user@host# edit interfaces at-2/0/0 shdsl-options
user@host# set annex annex-a

6. Configure the SHDSL line rate.

[edit interfaces at-2/0/0 shdsl-options]
user@host# set line-rate auto

7. Configure the loopback option for testing the SHDSL connection integrity.

[edit interfaces at-2/0/0 shdsl-options]
user@host# set loopback local

8. Configure the signal-to-noise ratio margin.

[edit interfaces at-2/0/0 shdsl-options]
user@host# set snr-margin current 5
user@host# set snr-margin snext 5

9. Configure the logical interface.

[edit]
user@host# edit interfaces at-2/0/0 unit 3

10. Configure the encapsulation for the logical unit.

[edit interfaces at-2/0/0 unit 3]
user@host# set encapsulation atm-nlpid

11. Configure the OAM liveness values for an ATM virtual circuit.

[edit interfaces at-2/0/0 unit 3]
user@host# set oam-liveness up-count 200 down-count 200

12. Configure the OAM period.

[edit interfaces at-2/0/0 unit 3]
user@host# set oam-period 100

13. Add the family protocol type.

[edit interfaces at-2/0/0 unit 3]
user@host# set family inet

14. Configure the VCI value.

[edit interfaces at-2/0/0 unit 3]
user@host# set vci 35


Results 


From configuration mode, confirm your configuration by entering the show interfaces at-2/0/0 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 


example to correct it. 


[edit]
user@host# show interfaces at-2/0/0
encapsulation ethernet-over-atm;
atm-options {
    vpi 25 {
        oam-period 100;
        oam-liveness {
            up-count 200;
            down-count 200;
        }
    }
}
shdsl-options {
    annex annex-a;
    line-rate auto;
    loopback local;
    snr-margin {
        current 5;
        snext 5;
    }
}
unit 3 {
    encapsulation atm-nlpid;
    vci 35;
    oam-period 100;
    oam-liveness {
        up-count 200;
        down-count 200;
    }
    family inet;
}


If you are done configuring the device, enter commit from configuration mode. 

Verification


Confirm that the configuration is working properly. 


Verifying an ATM-over-SHDSL Configuration 


Purpose 


Verify that the interface properties are correct. 


Action 


From operational mode, enter the show interfaces at-2/0/0 extensive command. 


user@host> show interfaces at-2/0/0 extensive 


Physical interface: at-2/0/0, Enabled, Physical link is Up
  Interface index: 141, SNMP ifIndex: 23, Generation: 48
  Link-level type: ATM-PVC, MTU: 4482, Clocking: Internal, ADSL mode, Speed: ADSL,
  Loopback: None
  Device flags   : Present Running
  Link flags     : None
  CoS queues     : 8 supported
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: ...
  Last flapped   : 2005-05-16 05:54:41 PDT (00:41:42 ago)
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :     4520    0 bps
   Output bytes  :    39250    0 bps
   Input  packets:      ...    0 pps
   Output packets:     1309    0 pps
  Input errors:
    Errors: 0, Drops: 0, Invalid VCs: 0, Framing errors: 0, Policed discards: 0,
    L3 incompletes: 0, L2 channel errors: 1, L2 mismatch timeouts: 0, Resource
    errors: 0
  Output errors:
    Carrier transitions: 3, Errors: 0, Drops: 0, Aged packets: 0, MTU errors: 0,
    Resource errors: 0
  Queue counters:     Queued packets  Transmitted packets  Dropped packets
    0 best-effort                  4                    4                0
    1 expedited-fo                 0                    0                0
    2 assured-forw                 0                    0                0
    3 network-cont              2340                 2340                0
  SHDSL alarms   : None
  SHDSL defects  : None
  SHDSL media:            Seconds        Count  State
    LOSD                   239206            2  OK
    LOSW                   239208            1  OK
    ES                          3            1  OK
    SES                         0            0  OK
    UAS                         3          ...  OK
  SHDSL status:
    Line termination :STU-R
    Annex            :Annex B
    Line Mode        :2-wire
    Modem Status     :Data
    Last fail code   :0
    Framer mode      :ATM
    Dying Gasp       :Enabled
    Chipset version  :1
    Firmware version :R3.0
  SHDSL Statistics:
    Loop Attenuation (dB) :0.600
    Transmit power (dB)   :...
    Receiver gain (dB)    :21.420
    SNR sampling (dB)     :39.5690
    Bit rate (kbps)       :2304
    Bit error rate        :0
    CRC errors            :0
    SEGA errors           :1
    LOSW errors           :0
    Received cells        :...
    Transmitted cells     :...
    HEC errors            :0
    Cell drop             :0

The output shows a summary of interface information. Verify the following information:

• The physical interface is enabled. If the interface is shown as disabled, do either of the following:

  • In the CLI configuration editor, delete the disable statement at the [edit interfaces interface-name]
    level of the configuration hierarchy.

  • In the J-Web configuration editor, clear the Disable check box on the Interfaces page
    (Interfaces>interface-name).

• The physical link is up. A link state of down indicates a problem with the interface module, interface
  port, or physical connection (link-layer errors).

• The last flapped time is an expected value. The last flapped time indicates the last time the physical
  interface became unavailable and then available again. Unexpected flapping indicates likely link-layer
  errors.

• The traffic statistics reflect expected input and output rates. Verify that the number of inbound and
  outbound bytes and packets matches expected throughput for the physical interface. To clear the
  statistics and see only new changes, use the clear interfaces statistics interface-name command.

• No SHDSL alarms and defects appear that can render the interface unable to pass packets. When a
  defect persists for a certain amount of time, it is promoted to an alarm.

  • LOS—Loss of signal. No signal was detected on the line.
  • LOSW—Loss of sync word. A message ID was sent.
  • Power status—A power failure has occurred.
  • LOSD—Loss of signal was detected at the remote application interface.
  • ES—Errored seconds. One or more cyclic redundancy check (CRC) anomalies were detected.
  • SES—Severely errored seconds. At least 50 CRC anomalies were detected.
  • UAS—Unavailable seconds. An interval has occurred during which one or more LOSW defects were
    detected.

Examine the SHDSL interface status:

• Line termination—SHDSL transceiver unit-remote (STU-R). (Only customer premises equipment is
  supported.)

• Annex—Either Annex A or Annex B. Annex A is supported in North America, and Annex B is supported
  in Europe.

• Line mode—SHDSL mode configured on the G.SHDSL interface pair, either two-wire or four-wire.

• Modem status—Data. Sending or receiving data.

• Last fail code—Code for the last interface failure.

• Framer mode—ATM. Framer mode of the underlying interface.

• Chipset version—Version number of the chipset on the interface.

• Firmware version—Version number of the firmware on the interface.

Examine the operational statistics for a SHDSL interface.

• Loop attenuation (dB)—Reduction in signal strength measured in decibels.

• Transmit power (dB)—Amount of SHDSL usage in %.

• Receiver gain (dB)—Maximum extraneous signal allowed without causing the output to deviate from an
  acceptable level.

• SNR sampling (dB)—Signal-to-noise ratio at a receiver point in decibels.

• Bit rate (kbps)—Data transfer speed on the SHDSL interface.

• CRC errors—Number of cyclic redundancy check errors.

• SEGA errors—Number of segment anomaly errors. A regenerator operating on a segment received
  corrupted data.

• LOSW errors—Number of loss of signal defect errors. Three or more consecutively received frames
  contained one or more errors in the framing bits.

• Received cells—Number of cells received through the interface.

• Transmitted cells—Number of cells sent through the interface.

• HEC errors—Number of header error checksum errors.

• Cell drop—Number of dropped cells on the interface.
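
The ADSL and SHDSL verification checklists above can be run as a script over saved `show interfaces ... extensive` output. This is an added example, not part of the Juniper documentation: the sample outputs are constructed, and the "Defect Active" state text, the 15-minute flap threshold and the week/day age format are assumptions.

```python
import re

# Constructed samples in the layout of the outputs above. The "Defect Active"
# state text is an assumption; the check only relies on a state not being "OK".
SAMPLE_OK = """\
Physical interface: at-2/0/0, Enabled, Physical link is Up
  Last flapped   : 2005-05-16 05:54:41 PDT (00:41:42 ago)
  SHDSL alarms   : None
  SHDSL defects  : None
  SHDSL media:            Seconds        Count  State
    LOSD                   239206            2  OK
    LOSW                   239208            1  OK
  SHDSL status:
    Line termination :STU-R
"""
SAMPLE_BAD = """\
Physical interface: at-3/0/0, Enabled, Physical link is Down
  Last flapped   : 2005-05-16 05:54:41 PDT (00:02:10 ago)
  ADSL alarms   : LOS
  ADSL defects  : LOS LOF
  ADSL media:            Seconds        Count  State
    LOF                       12            3  Defect Active
    LOS                       40            1  Defect Active
    LOM                        0            0  OK
"""

HEADER = re.compile(r"^Physical interface: (\S+), (\w+), Physical link is (\w+)", re.M)
ALARM = re.compile(r"^\s*(?:ADSL|SHDSL) (alarms|defects)\s*:\s*(.+?)\s*$", re.M)
MEDIA_HDR = re.compile(r"^\s*(?:ADSL|SHDSL) media:")
MEDIA_ROW = re.compile(r"^\s+([A-Z]+)\s+(\d+)\s+(\d+)\s+(\S.*?)\s*$")
# Age in parentheses: "hh:mm:ss", or (assumed) "NwNd hh:mm" for older flaps.
FLAPPED = re.compile(
    r"Last flapped\s*:.*\((?:(\d+)w)?(?:(\d+)d)?\s*(\d+):(\d+)(?::(\d+))?\s+ago\)")


def flap_age_seconds(output):
    """Seconds since the last flap, or None if the line is absent or 'Never'."""
    m = FLAPPED.search(output)
    if not m:
        return None
    weeks, days, a, b, c = (int(x) if x else 0 for x in m.groups())
    return (weeks * 7 + days) * 86400 + a * 3600 + b * 60 + c


def check(output, min_stable_seconds=900):
    """Apply the checklist; return a list of findings (empty means healthy)."""
    m = HEADER.search(output)
    if not m:
        return ["no 'Physical interface' line found"]
    name, admin, link = m.groups()
    findings = []
    if admin != "Enabled":
        findings.append(f"{name}: interface is {admin}")
    if link != "Up":
        findings.append(f"{name}: physical link is {link}")
    age = flap_age_seconds(output)
    if age is not None and age < min_stable_seconds:
        findings.append(f"{name}: flapped {age}s ago")
    for kind, value in ALARM.findall(output):
        if value != "None":
            findings.append(f"{name}: {kind} present: {value}")
    in_media = False
    for line in output.splitlines():
        if MEDIA_HDR.match(line):
            in_media = True      # rows of the media table follow
            continue
        if in_media:
            row = MEDIA_ROW.match(line)
            if not row:
                in_media = False  # first non-row line ends the table
                continue
            label, seconds, count, state = row.groups()
            if state != "OK":
                findings.append(
                    f"{name}: {label} state {state} ({count} events, {seconds}s)")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(check(sample) or "no findings")
```
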


RELATED DOCUMENTATION 


| Understanding Point-to-Point Protocol over Ethernet


Configuring G.SHDSL Interfaces 


IN THIS SECTION

SHDSL Interface Overview
G.SHDSL Mini-PIM Overview
G.SHDSL Mini-PIM Configuration Overview
Example: Configuring the G.SHDSL Interface on SRX Series Devices
Example: Configuring the G.SHDSL Interface in EFM Mode


Symmetric high-speed DSL (SHDSL) interfaces support an SHDSL multirate technology for data transfer
between a single CPE subscriber and a central office (CO). The topics below describe the SHDSL
interfaces, the G.SHDSL Mini-PIM and its configuration, and examples of configuring these interfaces
on SRX Series devices.


| SHDSL Interface Overview


Symmetric high-speed DSL (SHDSL) interfaces on some SRX Series devices support an SHDSL multirate 
technology for data transfer between a single customer premises equipment (CPE) subscriber and a central 
office (CO). ITU-T G.991.2 is the official standard for describing SHDSL, also known as G.SHDSL. 


Unlike ADSL, which delivers more bandwidth downstream than available upstream, SHDSL is symmetrical 
and delivers a bandwidth of up to 2.3 Mbps in both directions. Because business applications require 
high-speed digital transportation methods, SHDSL is becoming very popular and gaining wide acceptance 
in the industry. Additionally, SHDSL is compatible with ADSL and therefore causes very little, if any, 
interference between cables. 


SHDSL is deployed on a network in much the same manner as ADSL. 


SHDSL interfaces support Packet Transfer Mode (PTM). In PTM, packets (IP, PPP, Ethernet, MPLS, and 
so on) are transported over DSL links as an alternative to using Asynchronous Transfer Mode (ATM). PTM 
is based on the Ethernet in the First Mile (EFM) IEEE 802.3ah standard. 


NOTE: Starting in Junos OS Release 15.1X49-D10 SHDSL interfaces are no longer supported 
on SRX300, SRX320, SRX340, SRX345, and SRX550HM devices. 


G.SHDSL Mini-PIM Overview 


Starting in Junos OS Release 15.1X49-D10 SHDSL interfaces are no longer supported on SRX300, SRX320, 
SRX340, SRX345, and SRX550HM devices. 


The G.SHDSL Mini-Physical Interface Module (Mini-PIM) provides the physical connection to DSL network 
media types. 


The G.SHDSL Mini-PIM provides the following Asynchronous Transfer Mode (ATM) key features:

• 2-wire (4-port 2-wire) mode, 4-wire (2-port 4-wire) mode, and 8-wire (1-port 8-wire) mode support
• Virtual circuits (VC) per Mini-PIM (10 maximum including OAM VC)
• ATM-over-G.SHDSL framing
• ATM OAM support
• Maximum MTU size of 9180 bytes
• Noise margin support
• Point-to-Point Protocol over ATM and PPPoE over ATM encapsulation support
• Local loopback mode support
• Dying gasp support

The G.SHDSL Mini-PIM provides extended ATM CoS functionality to cells across the network. You can
define bandwidth utilization, which consists of either a constant rate or a peak cell rate, with sustained
cell rate and burst tolerance. By default, unspecified bit rate (UBR) is used because the bandwidth utilization
is unlimited.


The following ATM traffic shaping features are supported: 


• Constant bit rate (CBR)—CBR is the service category for traffic with rigorous timing requirements like
  voice and certain types of video. CBR traffic needs a constant cell transmission rate throughout the
  duration of the connection.

• Variable bit rate, non-real-time (VBR-NRT)—VBR-NRT is intended for sources such as data transfer,
  which do not have strict time or delay requirements. VBR-NRT is suitable for packet data transfers.

• Variable bit rate, real-time (VBR-RT)—VBR-RT is intended for sources such as data transfer, which takes
  place in real time. VBR-RT requires access to time slots at a rate that can vary significantly from time to
  time.


Table 15 on page 144 displays the traffic descriptors specified for an ATM network. 


Table 15: Traffic Descriptors

Traffic Descriptors          Description
Peak cell rate (PCR)         Maximum rate at which traffic can burst.
Sustained cell rate (SCR)    Normal traffic rate averaged over time.
Maximum burst size (MBS)     Maximum burst size that can be sent at the peak rate.


The G.SHDSL Mini-PIM provides the following Packet Transfer Mode (PTM) Ethernet in the First Mile 
(EFM) key features: 


• EFM PIC mode support
• Maximum MTU size of 1514 bytes
• PPPoE encapsulation support
• Local loopback mode support
• Chassis cluster mode support
• Dying gasp support
• IPv6 support
• VLAN over EFM support

The following four annexes are supported on the G.SHDSL Mini-PIM in both ATM and PTM EFM modes:

• Annex A
• Annex B
• Annex F
• Annex G


Operating Modes and Line Rates of the G.SHDSL Mini-PIM 


The G.SHDSL Mini-PIM supports 2-wire (4-port 2-wire) mode, 4-wire (2-port 4-wire) mode, 8-wire (1-port 
8-wire) mode, and EFM mode. The default operating mode is 2x 4-wire for this G.SHDSL Mini-PIM. 
G.SHDSL is supported on all SRX210, SRX220, SRX240, and SRX550 devices using the symmetrical WAN 
speeds shown in Table 16 on page 145. 


Table 16: Symmetrical WAN Speeds

Modes       Symmetrical WAN Speed Using Annex A and B    Symmetrical WAN Speed Using Annex F and G
2-wire      2.3 Mbps                                     From 768 Kbps to 5.696 Mbps
4-wire      4.6 Mbps                                     From 1.536 Mbps to 11.392 Mbps
8-wire      9.2 Mbps                                     From 3.072 Mbps to 22.784 Mbps
EFM mode    2.3 Mbps                                     From 768 Kbps to 5.696 Mbps


NOTE: A maximum of 16 Mbps is supported on SRX210, SRX220, SRX240, and SRX550 devices. 


| G.SHDSL Mini-PIM Configuration Overview 


NOTE: Starting in Junos OS Release 15.1X49-D10 SHDSL interfaces are no longer supported 
on SRX300, SRX320, SRX340, SRX345, and SRX550HM devices. 


Specify the wire mode on the G.SHDSL interface using one of the following options: 


• 1-port-atm—Configures an 8-wire (1-port, 8-wire) wire mode.

• 2-port-atm—Configures a 4-wire (2-port, 4-wire) wire mode.

• 4-port-atm—Configures a 2-wire (4-port, 2-wire) wire mode.

• efm—Configures an efm (1-port, 2-wire) wire mode.


NOTE: The default wire mode is 4-wire (2-port, 4-wire).


Specify the annex type using one of the following options:

• Annex A
• Annex B
• Annex F
• Annex G


NOTE: The default annex type is auto.


Specify the SHDSL line rate (speed of transmission of data on the SHDSL connection) using one of the
following values:

• auto—Automatically selects a line rate.

• value—Selects a value between 192 kbps and 22,784 kbps.


NOTE: The default line rate is auto. 


Specify the encapsulation type using one of the following values: 


NOTE: The pt interface does not require encapsulation types. 


The at interface encapsulation types are as follows: 


• atm-pvc—ATM permanent virtual circuits is the default encapsulation for ATM-over-SHDSL interfaces.
  For PPP over ATM (PPPoA) over SHDSL interfaces, use this type of encapsulation. Use this type of
  encapsulation if you are using ATM DSLAM.

• ethernet-over-atm—Ethernet over ATM encapsulation. For PPP over Ethernet (PPPoE) over
  ATM-over-SHDSL interfaces that carry IPv4 traffic, use this type of encapsulation. Use this type of
  encapsulation if you are using IP DSLAM.

Configure the encapsulation type using one of the following values:

• atm-cisco-nlpid—Cisco NLPID encapsulation.

• atm-mlppp-llc—ATM MLPPP over AAL5/LLC encapsulation.

• atm-nlpid—ATM Network Layer protocol identifier (NLPID) encapsulation.

• atm-ppp-llc—AAL5 logical link control (LLC) encapsulation.

• atm-ppp-vc-mux—AAL5 multiplex encapsulation.

• atm-vc-mux—ATM virtual circuit multiplex encapsulation.

• atm-snap—ATM subnetwork attachment point (SNAP) encapsulation.

• ether-over-atm-llc—For interfaces that carry IPv4 traffic, use Ethernet over LLC encapsulation. You
  cannot configure multipoint interfaces if you use this type of encapsulation.

• ppp-over-ether-over-atm-llc—PPP over Ethernet over ATM LLC encapsulation. When you use this
  encapsulation type, you cannot configure the interface address. Instead you configure the interface
  address on the PPP interface.
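
The option lists in this overview can be applied to a file of `set` commands before it is loaded. This is an added example, not part of the Juniper documentation: it checks the pic-mode keyword, the line-rate range, the Table 16 range for Annex F and G (taking 1 Mbps as 1000 kbps), the encapsulation keywords, and an address configured on a ppp-over-ether-over-atm-llc unit. The `annex-f` and `annex-g` keywords are assumed by analogy with `annex-a`, and the failing sample is constructed.

```python
import re

PIC_MODES = {"1-port-atm": "8-wire", "2-port-atm": "4-wire",
             "4-port-atm": "2-wire", "efm": "efm"}
DEFAULT_PIC_MODE = "2-port-atm"   # NOTE above: the default wire mode is 4-wire
FG_RANGE_KBPS = {"2-wire": (768, 5696), "4-wire": (1536, 11392),
                 "8-wire": (3072, 22784), "efm": (768, 5696)}  # Table 16, Annex F and G
PHYS_ENCAP = {"atm-pvc", "ethernet-over-atm"}
UNIT_ENCAP = {"atm-cisco-nlpid", "atm-mlppp-llc", "atm-nlpid", "atm-ppp-llc",
              "atm-ppp-vc-mux", "atm-vc-mux", "atm-snap", "ether-over-atm-llc",
              "ppp-over-ether-over-atm-llc"}
IFD = re.compile(r"^(?:at|pt)-(\d+)/(\d+)/\d+$")   # type-fpc/pic/port

# Constructed failing input; "atm-nlpi" is a deliberate typo of atm-nlpid.
SAMPLE_BAD = """\
set chassis fpc 1 pic 0 shdsl pic-mode 4-port-atm
set interfaces at-1/0/0 encapsulation ethernet-over-atm
set interfaces at-1/0/0 shdsl-options annex annex-f
set interfaces at-1/0/0 shdsl-options line-rate 8192
set interfaces at-1/0/0 unit 0 encapsulation ppp-over-ether-over-atm-llc
set interfaces at-1/0/0 unit 0 family inet address 192.0.2.1/24
set interfaces at-1/0/1 shdsl-options line-rate 30000
set interfaces at-1/0/1 unit 0 encapsulation atm-nlpi
"""


def after(tokens, key):
    """Value that follows `key` in a set statement, or None."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None


def validate(text):
    """Return (target, finding) pairs for the G.SHDSL statements in `text`."""
    pic_mode, ifs, findings = {}, {}, []
    for raw in text.splitlines():
        t = raw.split()
        if (len(t) == 9 and t[:3] == ["set", "chassis", "fpc"] and t[4] == "pic"
                and t[6:8] == ["shdsl", "pic-mode"]):
            if t[8] in PIC_MODES:
                pic_mode[(t[3], t[5])] = t[8]
            else:
                findings.append((f"fpc {t[3]} pic {t[5]}", f"unknown pic-mode {t[8]}"))
        elif len(t) > 3 and t[:2] == ["set", "interfaces"] and IFD.match(t[2]):
            ifd = ifs.setdefault(t[2], {"units": {}})
            if t[3] == "unit" and len(t) > 4:
                unit = ifd["units"].setdefault(t[4], {})
                unit["encap"] = after(t, "encapsulation") or unit.get("encap")
                unit["address"] = unit.get("address", False) or "address" in t
            else:  # one statement may set several physical-level options
                for key in ("encapsulation", "annex", "line-rate"):
                    ifd[key] = after(t, key) or ifd.get(key)
    for name, ifd in sorted(ifs.items()):
        fpc, pic = IFD.match(name).groups()
        wires = PIC_MODES[pic_mode.get((fpc, pic), DEFAULT_PIC_MODE)]
        enc, rate, annex = ifd.get("encapsulation"), ifd.get("line-rate"), ifd.get("annex")
        if enc and enc not in PHYS_ENCAP:
            findings.append((name, f"encapsulation {enc} not listed for the physical interface"))
        if rate and rate != "auto":
            if not rate.isdigit() or not 192 <= int(rate) <= 22784:
                findings.append((name, f"line-rate {rate} outside 192..22784 kbps"))
            elif annex in ("annex-f", "annex-g"):
                lo, hi = FG_RANGE_KBPS[wires]
                if not lo <= int(rate) <= hi:
                    findings.append(
                        (name, f"line-rate {rate} outside {lo}..{hi} kbps for {wires}"))
        for unit, u in sorted(ifd["units"].items()):
            ue = u.get("encap")
            if ue and ue not in UNIT_ENCAP:
                findings.append((f"{name}.{unit}", f"unknown unit encapsulation {ue}"))
            if ue == "ppp-over-ether-over-atm-llc" and u.get("address"):
                findings.append(
                    (f"{name}.{unit}", "address set on ppp-over-ether-over-atm-llc unit"))
    return findings


if __name__ == "__main__":
    for target, finding in validate(SAMPLE_BAD):
        print(f"{target}: {finding}")
```
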


| Example: Configuring the G.SHDSL Interface on SRX Series Devices 


IN THIS SECTION

Requirements
Overview
Configuration
Verification


This example shows how to configure the G.SHDSL interface on SRX Series devices. 


NOTE: Starting in Junos OS Release 15.1X49-D10 SHDSL interfaces are no longer supported 
on SRX300, SRX320, SRX340, SRX345, and SRX550HM devices. 


Requirements 


Before you begin: 

• Configure the network interfaces as necessary. See “Understanding Ethernet Interfaces” on page 203.

• Install the G.SHDSL Mini-PIM in the first slot of the SRX210 chassis.

• Connect the SRX210 device to a DSLAM (IP DSLAM and ATM DSLAM).


NOTE: This example uses an SRX210 Services Gateway. The information is also applicable to
the SRX220 and SRX240 devices.


Overview 


Figure 8 on page 148 shows the topology for the G.SHDSL Mini-PIM operating in 2X4-wire mode. 


Figure 8: G.SHDSL Mini-PIM Operating in 2X4-Wire Mode 


Figure 9 on page 148 shows the topology for the G.SHDSL Mini-PIM operating in 4X2-wire mode.


Figure 9: G.SHDSL Mini-PIM Operating in 4X2-Wire Mode


Figure 10 on page 149 shows the topology for the G.SHDSL Mini-PIM operating in 1X8-wire mode.


Figure 10: G.SHDSL Mini-PIM Operating in 1X8-Wire Mode
(Figure labels: SRX210/SRX240 (CPE); G.SHDSL Mini-PIM with RJ-45 connector; Patch Panel; DSLAM with
G.SHDSL 8-wire line cards)


Determine the operating wire mode (2-wire, 4-wire, or 8-wire) and corresponding CLI code listed in 
Table 17 on page 149. 


Table 17: Operating Wire Modes 


Wire Mode Configuration     CLI Code

2x4-wire Configuration      set chassis fpc 1 pic 0 shdsl pic-mode 2-port-atm
                            NOTE: The 2x4-wire configuration is the default
                            configuration and behavior.
4x2-wire Configuration      set chassis fpc 1 pic 0 shdsl pic-mode 4-port-atm
1x8-wire Configuration      set chassis fpc 1 pic 0 shdsl pic-mode 1-port-atm


NOTE: When the wire mode is set to 8-wire, one physical interface (IFD) is created. Similarly
for 4-wire mode and 2-wire mode, two IFDs and four IFDs are created, respectively.


In this example, you first configure a basic G.SHDSL interface. You set the operation wire mode to
2-port-atm, the line rate to 4096, and the annex type to annex-a.


You then configure the G.SHDSL interface when the device is connected to an IP DSLAM. You set the
type of encapsulation to ethernet-over-atm and the ATM VPI option to 0. Then you set the type of
encapsulation on the G.SHDSL logical interface as ether-over-atm-llc and configure the ATM VCI option
to 0.60. Also, you set the interface address for the logical interface to 1.1.1.1/24.


Then you configure the G.SHDSL interface when the device is connected to an ATM DSLAM. You set the
type of encapsulation to atm-pvc and the ATM VPI to 0. Then you set the type of encapsulation on the
G.SHDSL logical interface to atm-snap and the ATM VCI to 0.65. Also, you set the interface address for
the logical interface to 2.1.1.1/24.


Next you configure PPPoE over ATM for the G.SHDSL Interface. You then set the ATM VPI to 0 and set
the type of encapsulation to ppp-over-ether-over-atm-llc. You specify a PPPoE interface with the PAP
access profile, local-name, and local-password. Then you configure the passive option to handle incoming
PAP packets and set the logical interface as the underlying interface for the PPPoE session to at-1/0/0.0.
Also, you set the number of seconds to 120 to wait before reconnecting after a PPPoE session is terminated.
(The range is 1 through 4,294,967,295 seconds.) You then specify the logical interface as the client for
the PPPoE interface and obtain an IP address by negotiation with the remote end.


Finally, you configure PPPoA over ATM for the G.SHDSL Interface. You set the type of encapsulation to
atm-pvc and the ATM VPI to 0. You then set the type of encapsulation for PPP over ATM adaptation layer
5 (AAL5) logical link control (LLC) on the logical interface and set the ATM VCI to 122. You configure the
PPPoA interface with the CHAP access profile as juniper and set the local-name for the CHAP interface
to srx-210. Finally, you obtain an IP address by negotiation with the remote end.


Configuration 


IN THIS SECTION


Configuring a Basic G.SHDSL Interface
Configuring a G.SHDSL Interface When Connected to an IP DSLAM
Configuring a G.SHDSL Interface When Connected to an ATM DSLAM
Configuring PPPoE over ATM for the G.SHDSL Interface
Configuring PPPoA over ATM for the G.SHDSL Interface


Configuring a Basic G.SHDSL Interface 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set chassis fpc 1 pic 0 shdsl pic-mode 2-port-atm
set interfaces at-1/0/0 shdsl-options line-rate 4096 annex annex-a 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions
on how to do that, see Using the CLI Editor in Configuration Mode.


To quickly configure a basic G.SHDSL interface: 


1. Select the operating wire mode. 


[edit] 
user@host# set chassis fpc 1 pic 0 shdsl pic-mode 2-port-atm


2. Create an interface and set options. 


[edit] 
user@host# edit interfaces at-1/0/0 shdsl-options 


3. Configure the line rates. 


[edit interfaces at-1/0/0 shdsl-options] 
user@host# set line-rate 4096 


4. Set the annex type. 


[edit interfaces at-1/0/0 shdsl-options] 
user@host# set annex annex-a 


Results 


From configuration mode, confirm your configuration by entering the show interfaces at-1/0/0 and show 
chassis fpc 1 commands. If the output does not display the intended configuration, repeat the configuration 
instructions in this example to correct it. 


[edit]
user@host# show interfaces at-1/0/0
shdsl-options {
    annex annex-a;
    line-rate 4096;
}
[edit]
user@host# show chassis fpc 1
pic 0 {
    shdsl {
        pic-mode 2-port-atm;
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Configuring a G.SHDSL Interface When Connected to an IP DSLAM 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces at-1/0/0 encapsulation ethernet-over-atm
set interfaces at-1/0/0 atm-options vpi 0
set interfaces at-1/0/0 unit 0 encapsulation ether-over-atm-llc vci 0.60
set interfaces at-1/0/0 unit 0 family inet address 1.1.1.1/24


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure the G.SHDSL interface on an SRX210 device when the device is connected to an IP DSLAM: 


1. Create an interface. 


[edit] 
user@host# edit interfaces at-1/0/0 


2. Specify the type of encapsulation. 


[edit interfaces at-1/0/0] 
user@host# set encapsulation ethernet-over-atm 


3. Configure the ATM VPI option. 


[edit interfaces at-1/0/0] 
user@host# set atm-options vpi 0 


4. Specify the type of encapsulation for the logical interface.


[edit interfaces at-1/0/0]
user@host# edit unit 0
user@host# set encapsulation ether-over-atm-llc


5. Configure the ATM VCI options for the logical interface.


[edit interfaces at-1/0/0 unit 0]
user@host# set vci 0.60


6. Configure the interface address.


[edit interfaces at-1/0/0 unit 0]
user@host# set family inet address 1.1.1.1/24


Results 


From configuration mode, confirm your configuration by entering the show interfaces at-1/0/0 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit]
user@host# show interfaces at-1/0/0
encapsulation ethernet-over-atm;
atm-options {
    vpi 0;
}
unit 0 {
    encapsulation ether-over-atm-llc;
    vci 0.60;
    family inet {
        address 1.1.1.1/24;
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Configuring a G.SHDSL Interface When Connected to an ATM DSLAM 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces at-1/0/0 encapsulation atm-pvc atm-options vpi 0
set interfaces at-1/0/0 unit 0 encapsulation atm-snap vci 0.65
set interfaces at-1/0/0 unit 0 family inet address 2.1.1.1/24


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure the G.SHDSL interface on an SRX210 device when the device is connected to an ATM DSLAM:


1. Create an interface. 


[edit] 
user@host# edit interfaces at-1/0/0 


2. Specify the type of encapsulation. 


[edit interfaces at-1/0/0] 
user@host# set encapsulation atm-pvc 


3. Configure the ATM VPI option. 


[edit interfaces at-1/0/0] 
user@host# set atm-options vpi 0 


4. Specify the type of encapsulation for the logical interface. 


[edit interfaces at-1/0/0] 
user@host# edit unit 0 
user@host# set encapsulation atm-snap 


5. Configure the ATM VCI option. 


[edit interfaces at-1/0/0 unit 0]
user@host# set vci 0.65


6. Configure the interface address.


[edit interfaces at-1/0/0 unit 0]
user@host# set family inet address 2.1.1.1/24


Results 


From configuration mode, confirm your configuration by entering the show interfaces at-1/0/0 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit]
user@host# show interfaces at-1/0/0
encapsulation atm-pvc;
atm-options {
    vpi 0;
}
unit 0 {
    encapsulation atm-snap;
    vci 0.65;
    family inet {
        address 2.1.1.1/24;
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Configuring PPPoE over ATM for the G.SHDSL Interface 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces at-1/0/0 encapsulation ethernet-over-atm atm-options vpi 0
set interfaces at-1/0/0 unit 0 encapsulation ppp-over-ether-over-atm-llc vci 0.35
set interfaces pp0 unit 0 ppp-options pap access-profile pap_prof local-name srx-210
set interfaces pp0 unit 0 ppp-options pap local-password "$9$0tLw1SeN-woJDSr-wY2GU69Cp1RSre"
set interfaces pp0 unit 0 ppp-options pap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface at-1/0/0.0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 120 client
set interfaces pp0 unit 0 family inet negotiate-address


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions
on how to do that, see Using the CLI Editor in Configuration Mode.


To configure PPPoE over ATM on the G.SHDSL interface: 


1. Create an interface. 


[edit] 
user@host# edit interfaces at-1/0/0 


2. Specify the type of encapsulation. 


[edit interfaces at-1/0/0] 
user@host# set encapsulation ethernet-over-atm 


3. Configure the ATM VPI option. 


[edit interfaces at-1/0/0] 
user@host# set atm-options vpi 0 


4. Specify the type of encapsulation on the logical interface. 


[edit interfaces at-1/0/0] 
user@host# edit unit 0 
user@host# set encapsulation ppp-over-ether-over-atm-llc 


5. Configure the ATM VCI option. 


[edit interfaces at-1/0/0 unit 0]
user@host# set vci 0.35


6. Configure a PPPoE interface with the PAP access profile.


[edit]
user@host# edit interfaces pp0 unit 0 ppp-options pap
user@host# set access-profile pap_prof


7. Configure a local-name for the PAP interface.


[edit interfaces pp0 unit 0 ppp-options pap]
user@host# set local-name srx-210


8. Configure a local-password for the PAP interface.


[edit interfaces pp0 unit 0 ppp-options pap]
user@host# set local-password "$9$0tLw1SeN-woJDSr-wY2GU69Cp1RSre"


9. Set the passive option to handle incoming PAP packets.


[edit interfaces pp0 unit 0 ppp-options pap]
user@host# set passive


10. Specify the logical interface as the underlying interface for the PPPoE session.


[edit]
user@host# edit interfaces pp0 unit 0 pppoe-options
user@host# set underlying-interface at-1/0/0.0


11. Specify the number of seconds.


[edit interfaces pp0 unit 0 pppoe-options]
user@host# set auto-reconnect 120


12. Set the logical interface as the client for the PPPoE interface.


[edit interfaces pp0 unit 0 pppoe-options]
user@host# set client


13. Obtain an IP address by negotiation with the remote end.


[edit]
user@host# edit interfaces pp0 unit 0
user@host# set family inet negotiate-address


Results 


From configuration mode, confirm your configuration by entering the show interfaces at-1/0/0 and show
interfaces pp0 commands. If the output does not display the intended configuration, repeat the configuration
instructions in this example to correct it.


[edit]
user@host# show interfaces at-1/0/0
encapsulation ethernet-over-atm;
atm-options {
    vpi 0;
}
unit 0 {
    encapsulation ppp-over-ether-over-atm-llc;
    vci 0.35;
}
[edit]
user@host# show interfaces pp0
unit 0 {
    ppp-options {
        pap {
            access-profile pap_prof;
            local-name srx-210;
            local-password "$9$0tLw1SeN-woJDSr-wY2GU69Cp1RSre";
            passive;
        }
    }
    pppoe-options {
        underlying-interface at-1/0/0.0;
        auto-reconnect 120;
        client;
    }
    family inet {
        negotiate-address;
    }
}

If you are done configuring the device, enter commit from configuration mode. 


Configuring PPPoA over ATM for the G.SHDSL Interface 


CLI Quick Configuration 

To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces at-1/0/0 encapsulation atm-pvc atm-options vpi 0
set interfaces at-1/0/0 unit 0 encapsulation atm-ppp-llc vci 1.122
set interfaces at-1/0/0 unit 0 ppp-options chap access-profile juniper local-name srx-210
set interfaces at-1/0/0 unit 0 family inet negotiate-address


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure PPPoA over ATM on the G.SHDSL interface: 


1. Create an interface. 


[edit] 
user@host# edit interfaces at-1/0/0 


2. Specify the type of encapsulation. 


[edit interfaces at-1/0/0] 
user@host# set encapsulation atm-pvc 


3. Configure the ATM VPI option. 


[edit interfaces at-1/0/0] 
user@host# set atm-options vpi 0 


4. Specify the type of encapsulation on the G.SHDSL logical interface.


[edit]
user@host# edit interfaces at-1/0/0 unit 0
user@host# set encapsulation atm-ppp-llc


5. Configure the ATM VCI option.


[edit interfaces at-1/0/0 unit 0]
user@host# set vci 1.122


6. Configure a PPPoA interface with the CHAP access profile.


[edit]
user@host# edit interfaces at-1/0/0 unit 0 ppp-options chap
user@host# set access-profile juniper


7. Configure a local name for the CHAP interface.


[edit interfaces at-1/0/0 unit 0 ppp-options chap]
user@host# set local-name srx-210


8. Obtain an IP address by negotiation with the remote end.


[edit]
user@host# edit interfaces at-1/0/0 unit 0
user@host# set family inet negotiate-address


Results 


From configuration mode, confirm your configuration by entering the show interfaces at-1/0/0 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit]
user@host# show interfaces at-1/0/0
encapsulation atm-pvc;
atm-options {
    vpi 0;
}
unit 0 {
    encapsulation atm-ppp-llc;
    vci 1.122;
    ppp-options {
        chap {
            access-profile juniper;
            local-name srx-210;
        }
    }
    family inet {
        negotiate-address;
    }
}

If you are done configuring the device, enter commit from configuration mode. 


Verification


Confirm that the configuration is working properly. 


Verifying G.SHDSL Interface Properties 


Purpose 


Verify that the G.SHDSL interface properties are configured properly. 


Action 


From operational mode, enter the show interfaces at-1/0/0 extensive command. 


| Example: Configuring the G.SHDSL Interface in EFM Mode 


IN THIS SECTION


Requirements
Overview and Topology
Configuration
Verification


This example shows how to configure the G.SHDSL interface in Ethernet in the First Mile (EFM) mode on 
an SRX210 device, but it applies to the SRX220, SRX240, and SRX550 devices as well. 


NOTE: Starting in Junos OS Release 15.1X49-D10 SHDSL interfaces are no longer supported 
on SRX300, SRX320, SRX340, SRX345, and SRX550HM devices. 


Requirements 


This example uses the following hardware and software components: 


• An SRX210 device
• Junos OS Release 12.1X44-D10 or later


Before you begin:

• Configure the network interfaces as necessary. See “Understanding Ethernet Interfaces” on page 203.
• Install the G.SHDSL Mini-PIM in the first slot of the SRX210 chassis.
• Connect the SRX210 device to an EFM supported IP DSLAM.


Overview and Topology 


In this example, you first configure a basic G.SHDSL interface by setting the operation wire mode to efm, 
the line rate to auto, and the annex type to annex-auto. 


You then configure the G.SHDSL interface when the device is connected to an EFM IP DSLAM. You set 
the logical interface to 10.10.10.1/24. 


Next you configure PPPoE for the G.SHDSL Interface. Configure the encapsulation as ppp-over-ether
under unit 0 of the pt-1/0/0 interface. You specify a PPPoE interface with the PAP access profile, local name,
and local password. Then you configure the passive option to handle incoming PAP packets and set the 
logical interface as the underlying interface for the PPPoE session to pt-1/0/0.0. Also, you set the number 
of seconds to 120 to wait before reconnecting after a PPPoE session is terminated. (The range is 1 through 
4,294,967,295 seconds.) Finally, you specify the logical interface as the client for the PPPoE interface and 
obtain an IP address by negotiation with the remote end. 


Figure 11 on page 162 shows the topology for the G.SHDSL Mini-PIM operating in EFM mode. 


Figure 11: G.SHDSL Mini-PIM Operating in EFM Mode
(Figure labels: SRX210/SRX220/SRX240/SRX550 (CPE); RJ-45 cable split into four RJ-11 connectors
with 2-wire support; Patch Panel; DSLAM with G.SHDSL EFM line cards)


Table 18 on page 162 lists the operating wire mode for EFM and its corresponding CLI code.


Table 18: Operating Wire Mode for EFM


Wire Mode Configuration     CLI Code

EFM Configuration           set chassis fpc 1 pic 0 shdsl pic-mode efm


NOTE: When PIC mode is set to EFM, an interface called pt-1/0/0 is created.


Configuration 


IN THIS SECTION


• Configuring a Basic G.SHDSL Interface in EFM PIC Mode
• Configuring PPPoE and VLAN for the G.SHDSL EFM Interface


Configuring a Basic G.SHDSL Interface in EFM PIC Mode 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set chassis fpc 1 pic 0 shdsl pic-mode efm
set interfaces pt-1/0/0 shdsl-options annex annex-g
set interfaces pt-1/0/0 shdsl-options line-rate 5696
set interfaces pt-1/0/0 unit 0 family inet address 10.10.10.1/24


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure a basic G.SHDSL interface: 


1. Specify the PIC mode. 


[edit] 
user@host# set chassis fpc 1 pic 0 shdsl pic-mode efm 


NOTE: When configuring the G.SHDSL interface in chassis cluster mode, include the node
ID. For example, to configure the G.SHDSL interface (operating in EFM PIC mode) in chassis
cluster mode for fpc slot 1 on node 0, use the following command:


set chassis node 0 fpc 1 pic 0 shdsl pic-mode efm


2. Configure the IP address.


[edit]
user@host# set interfaces pt-1/0/0 unit 0 family inet address 10.10.10.1/24


NOTE: By default, annex mode and line rate are set to auto. If you have to configure annex
mode (annex-g) and line rate (5696 Kbps), follow Steps 3, 4, and 5.


3. Configure SHDSL options.


[edit]
user@host# edit interfaces pt-1/0/0 shdsl-options


4. Specify the annex type. 


[edit interfaces pt-1/0/0 shdsl-options] 
user@host# set annex annex-g 


5. Configure the line rate. 


[edit interfaces pt-1/0/0 shdsl-options] 
user@host# set line-rate 5696 


Results 


From configuration mode, confirm your configuration by entering the show interfaces pt-1/0/0 and show 
chassis fpc 1 commands. If the output does not display the intended configuration, repeat the configuration 
instructions in this example to correct it. 


[edit]
user@host# show interfaces pt-1/0/0
shdsl-options {
    annex annex-g;
    line-rate 5696;
}
unit 0 {
    family inet {
        address 10.10.10.1/24;
    }
}
[edit]
user@host# show chassis fpc 1
pic 0 {
    shdsl {
        pic-mode efm;
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Configuring PPPoE and VLAN for the G.SHDSL EFM Interface 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


NOTE: In this configuration, we use PAP as the authentication mechanism. If Broadband Remote 
Access Server (BRAS) uses CHAP, PAP configuration should be replaced with CHAP. 


set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
set interfaces pp0 unit 0 ppp-options pap access-profile pap_prof local-name srx-210
set interfaces pp0 unit 0 ppp-options pap local-password "$9$0tLw1SeN-woJDSr-wY2GU69Cp1RSre"
set interfaces pp0 unit 0 ppp-options pap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 120 client
set interfaces pp0 unit 0 family inet negotiate-address


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions
on how to do that, see Using the CLI Editor in Configuration Mode.


To configure PPPoE for the G.SHDSL EFM Interface: 


1. Create an interface.


[edit]
user@host# edit interfaces pt-1/0/0


2. Specify the type of encapsulation.


[edit interfaces pt-1/0/0]
user@host# edit unit 0
user@host# set encapsulation ppp-over-ether


3. Configure a PPPoE interface with the PAP access profile.


[edit]
user@host# edit interfaces pp0 unit 0 ppp-options pap
user@host# set access-profile pap_prof


4. Configure a local name for the PAP interface.


[edit interfaces pp0 unit 0 ppp-options pap]
user@host# set local-name srx-210


5. Configure a local password for the PAP interface.


[edit interfaces pp0 unit 0 ppp-options pap]
user@host# set local-password "$9$0tLw1SeN-woJDSr-wY2GU69Cp1RSre"


6. Set the passive option to handle incoming PAP packets.


[edit interfaces pp0 unit 0 ppp-options pap]
user@host# set passive


7. Specify the logical interface as the underlying interface for the PPPoE session.


[edit]
user@host# edit interfaces pp0 unit 0 pppoe-options
user@host# set underlying-interface pt-1/0/0.0


8. Specify the number of seconds.


[edit interfaces pp0 unit 0 pppoe-options]
user@host# set auto-reconnect 120


9. Set the logical interface as the client for the PPPoE interface.


[edit interfaces pp0 unit 0 pppoe-options]
user@host# set client


10. Obtain an IP address by negotiation with the remote end.


[edit interfaces]
user@host# set pp0 unit 0 family inet negotiate-address


11. Configure VLAN on EFM.


[edit interfaces]
user@host# set pt-1/0/0 vlan-tagging


12. Specify the VLAN ID.


[edit interfaces]
user@host# set pt-1/0/0 unit 0 vlan-id 99


Results 


From configuration mode, confirm your configuration by entering the show interfaces pt-1/0/0 and show
interfaces pp0 commands. If the output does not display the intended configuration, repeat the configuration
instructions in this example to correct it.


[edit]
user@host# show interfaces pt-1/0/0
vlan-tagging;
unit 0 {
    encapsulation ppp-over-ether;
    vlan-id 99;
}
[edit]
user@host# show interfaces pp0
unit 0 {
    ppp-options {
        pap {
            access-profile pap_prof;
            local-name srx-210;
            local-password "$9$0tLw1SeN-woJDSr-wY2GU69Cp1RSre";
            passive;
        }
    }
    pppoe-options {
        underlying-interface pt-1/0/0.0;
        auto-reconnect 120;
        client;
    }
    family inet {
        negotiate-address;
    }
}


If you are done configuring the device, enter commit from configuration mode. 
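
The constraints this guide states for G.SHDSL configurations can be checked before commit. The following is an added example, not Juniper code: a small lint over `set` commands that enforces three rules taken from this section (no interface address on a ppp-over-ether-over-atm-llc unit, the number of IFDs each pic-mode creates, and the PPPoE underlying interface carrying a PPPoE encapsulation). The function name, rule IDs, the assumption that ports are numbered from 0, and the BAD sample are constructed for illustration.

```python
import re

# Wire mode -> number of at- physical interfaces (IFDs) created (note under Table 17).
IFDS_PER_PIC_MODE = {"1-port-atm": 1, "2-port-atm": 2, "4-port-atm": 4}
# Logical encapsulations this guide's examples place under a pp0 PPPoE session.
PPPOE_UNIT_ENCAPS = {"ppp-over-ether-over-atm-llc", "ppp-over-ether"}
IFD_RE = re.compile(r"(at|pt)-\d+/\d+/(\d+)")


def _after(tokens, key):
    """Return the token that follows key, or None if key is absent or last."""
    if key in tokens:
        i = tokens.index(key) + 1
        if i < len(tokens):
            return tokens[i]
    return None


def lint_shdsl(config_text):
    """Return sorted (rule, subject) findings for a block of Junos 'set' commands."""
    pic_mode = "2-port-atm"  # the guide states that 2x4-wire is the default
    unit_encap, unit_addr, underlying, ifds = {}, set(), {}, set()
    for raw in config_text.splitlines():
        tok = raw.split()
        if len(tok) < 3 or tok[0] != "set":
            continue
        if tok[1] == "chassis":
            pic_mode = _after(tok, "pic-mode") or pic_mode
            continue
        if tok[1] != "interfaces":
            continue
        ifd = tok[2]
        if IFD_RE.fullmatch(ifd):
            ifds.add(ifd)
        unit_no = _after(tok, "unit")
        if unit_no is None:
            continue  # physical-level statement (encapsulation, atm-options, ...)
        unit = f"{ifd}.{unit_no}"
        rest = tok[tok.index("unit") + 2:]
        encap = _after(rest, "encapsulation")
        if encap:
            unit_encap[unit] = encap
        if "family" in rest and "address" in rest:  # not 'negotiate-address'
            unit_addr.add(unit)
        under = _after(rest, "underlying-interface")
        if under:
            underlying[unit] = under

    findings = []
    if pic_mode == "efm":
        kind_ok, limit = "pt", 1  # the guide: EFM mode creates pt-1/0/0
    elif pic_mode in IFDS_PER_PIC_MODE:
        kind_ok, limit = "at", IFDS_PER_PIC_MODE[pic_mode]
    else:
        kind_ok, limit = None, 0
        findings.append(("UNKNOWN_PIC_MODE", pic_mode))
    for ifd in ifds:
        kind, port = IFD_RE.fullmatch(ifd).groups()
        # Assumption: ports are numbered from 0, so N IFDs means ports 0..N-1.
        if kind_ok and (kind != kind_ok or int(port) >= limit):
            findings.append(("IFD_NOT_CREATED", ifd))
    for unit in unit_addr:
        if unit_encap.get(unit) == "ppp-over-ether-over-atm-llc":
            findings.append(("ADDRESS_ON_PPPOE_ATM_UNIT", unit))
    for pp_unit, under in underlying.items():
        if unit_encap.get(under) not in PPPOE_UNIT_ENCAPS:
            findings.append(("UNDERLYING_NOT_PPPOE", pp_unit))
    return sorted(findings)


# The guide's PPPoE over ATM quick configuration (authentication lines omitted).
PPPOE_ATM_GOOD = """
set chassis fpc 1 pic 0 shdsl pic-mode 2-port-atm
set interfaces at-1/0/0 encapsulation ethernet-over-atm atm-options vpi 0
set interfaces at-1/0/0 unit 0 encapsulation ppp-over-ether-over-atm-llc vci 0.35
set interfaces pp0 unit 0 pppoe-options underlying-interface at-1/0/0.0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 120 client
set interfaces pp0 unit 0 family inet negotiate-address
"""

# Constructed sample that breaks all three rules.
BAD = """
set chassis fpc 1 pic 0 shdsl pic-mode 1-port-atm
set interfaces at-1/0/1 encapsulation atm-pvc atm-options vpi 0
set interfaces at-1/0/1 unit 0 encapsulation atm-snap vci 0.65
set interfaces at-1/0/0 encapsulation ethernet-over-atm atm-options vpi 0
set interfaces at-1/0/0 unit 0 encapsulation ppp-over-ether-over-atm-llc vci 0.35
set interfaces at-1/0/0 unit 0 family inet address 192.0.2.1/24
set interfaces pp0 unit 0 pppoe-options underlying-interface at-1/0/1.0
"""

if __name__ == "__main__":
    for rule, subject in lint_shdsl(BAD):
        print(f"{rule}: {subject}")
```
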


Verification 


Verifying G.SHDSL Interface Properties 


Purpose 


Verify that the G.SHDSL interface properties are configured properly. 


Action 


From operational mode, enter the show interfaces pt-1/0/0 extensive command. 


user@host> show interfaces pt-1/0/0 extensive 


EFM mode for interface pt-1/0/0: 





Physical interface: pt-1/0/0, Enabled, Physical link is Up 
Interface index: 158, SNMP ifIndex: 575, Generation: 277 
Link-level type: Ethernet, MTU: 1514, Speed: SHDSL(8-Wire) 
...
Line Pair 3               : Up
Active alarms             : None
Active defects            : None
SHDSL media:              Seconds    Count    State
ES                        0
SES                       0
UAS                       0
SHDSL status:
Line termination          : STU-R
Annex                     : Annex G
Line mode                 : 2-wire
Modem status              : Data
Bit rate (kbps)           : 5696
Last fail mode            : No failure (0x00)
Framer mode               : EFM
PAF Status                : Active
Dying gasp                : Enabled
Framer sync status        : In sync
SHDSL statistics:
...
CRC errors                : 0
SEGA errors               : 0
LOSW errors               : 0
Packet Forwarding Engine configuration:
Destination slot: 0 (0x00)
CoS information:
Direction : Output
CoS transmit queue          Bandwidth              Buffer    Priority    Limit
                            %      bps             %   usec
0 best-effort               95     21644800        95  0     low         none
3 network-control           5      1139200         5   0     low         none



Meaning 
The output shows a summary of interface information. Verify the following information: 
• The physical interface is enabled. If the interface is shown as disabled, do either of the following:

  • In the CLI configuration editor, delete the disable statement at the [edit interfaces interface-name] level of the configuration hierarchy.

  • In the J-Web configuration editor, clear the Disable check box on the Interfaces page (Interfaces>interface-name).

• The physical link is up. A link state of down indicates a problem with the interface module, interface port, or physical connection (link-layer errors).

• The last flapped time is an expected value. The last flapped time indicates the last time the physical interface became unavailable and then available again. Unexpected flapping indicates likely link-layer errors.

• The traffic statistics reflect expected input and output rates. Verify that the number of inbound and outbound bytes and packets matches expected throughput for the physical interface. To clear the statistics and see only new changes, use the clear interfaces statistics interface-name command.

• No SHDSL alarms and defects appear that can render the interface unable to pass packets. When a defect persists for a certain amount of time, it is promoted to an alarm. The following information is displayed for each line pair:

  • LOSW—Loss of sync word. A message ID was sent.

  • LOSD—Loss of signal was detected at the remote application interface.

  • ES—Errored seconds. One or more cyclic redundancy check (CRC) anomalies were detected.

  • SES—Severely errored seconds. At least 50 CRC anomalies were detected.

  • UAS—Unavailable seconds. An interval has occurred during which one or more LOSW defects were detected.


Examine the SHDSL interface status:

• Line termination—SHDSL transceiver unit-remote (STU-R). (Only customer premises equipment is supported.)

• Annex—Either Annex A or Annex B. Annex A is supported in North America, and Annex B is supported in Europe.

• Line mode—SHDSL mode configured on the G.SHDSL interface pair; it should be two-wire.

• Modem status—Data. Sending or receiving data.

• Bit rate (kbps)—Data transfer speed on the SHDSL interface.

• Last fail code—Code for the last interface failure.

• Framer mode—ATM framer mode of the underlying interface.

• PAF Status—Either Active or Inactive, depending on whether the link has been added to an EFM group.

Examine the operational statistics for an SHDSL interface:

• Loop attenuation (dB)—Reduction in signal strength.

• Transmit power (dB)—Amount of SHDSL.

• SNR sampling (dB)—Signal-to-noise ratio at a receiver point.

• CRC errors—Number of cyclic redundancy check errors.

• SEGA errors—Number of segment anomaly errors. A regenerator operating on a segment received corrupted data.

• LOSW errors—Number of loss of signal defect errors. Three or more consecutively received frames contained one or more errors in the framing bits.


Release History Table

Release        Description

15.1X49-D10    Starting in Junos OS Release 15.1X49-D10, SHDSL interfaces are no longer supported on SRX300, SRX320, SRX340, SRX345, and SRX550HM devices.

VDSL2 Interfaces

SUMMARY

Learn about VDSL2 interface details and how to configure the interfaces on security devices.

IN THIS SECTION

• VDSL2 Interface Overview
• Example: Configure VDSL2 Interface


| VDSL2 Interface Overview 


Very-high-bit-rate digital subscriber line (VDSL) technology is part of the xDSL family of modem 
technologies, which provide faster data transmission over a single flat untwisted or twisted pair of copper 
wires. Table 19 on page 174 specifies the key details of the VDSL2 interface. 


Table 19: VDSL2 Interface Details

Interface Details    Description

Interface name       SRX-MP-1VDSL2-R

Supported on         For information about platform support, see the hardware compatibility tool (HCT).

Interface type       pt- represents the VDSL2 interface when you configure pt- to function as VDSL2.
                     • Interface pt-1/0/0 comes up by default.

Use cases            Connects you and the service provider networks over a single connection to provide high-bandwidth applications (triple-play services) such as high-speed Internet access, telephone services (voice over IP, VoIP), high-definition TV (HDTV), and interactive gaming services.

                     VDSL2 carries the data and multimedia on the copper wire without interrupting the line's ability to carry voice signals. VDSL2 provides an ADSL interface in an ATM DSLAM topology and a VDSL2 interface in an IP or VDSL DSLAM topology.


For information on VDSL2 hardware specifications, see 1-Port VDSL2 Annex A Mini-Physical Interface Module (SRX-MP-1VDSL2-R).

Features Supported on the VDSL2 Interface

Table 20 on page 175 describes the key features supported on the VDSL2 interface.

Table 20: Key Features Supported on VDSL2

Feature / Description

Packet Transfer Mode (PTM)

• Uses the named interface pt-1/0/0 and transports packets (IP, PPP, Ethernet, MPLS, and so on) over DSL links as an alternative to using Asynchronous Transfer Mode (ATM).
• Based on the Ethernet in the First Mile (EFM) IEEE802.3ah standard.

Discrete multitone (DMT) modulation

• Separates a digital subscriber line signal into a usable frequency range of 256 frequency bands (or channels) of 4.3125 kHz each.
• Uses the Fast Fourier Transform (FFT) algorithm for demodulation or modulation for increased speed.

Backward compatibility

• Backward compatible with most ADSL interface standards.
• In ADSL fallback mode, VDSL2 operates on the ATM encapsulation interface in the first mile and uses the interface at-1/0/0.
• Takes about 60 seconds to switch from VDSL2 to ADSL or from ADSL to VDSL2 operating modes.

Vectoring

• Employs coordination of line signals to reduce crosstalk levels to provide improved performance.
• The ITU-T G.993.5 standard, also known as G.vector, describes vectoring for VDSL2.

IPv6 Support

• Supports IPv6 on the DSL encapsulations like ATM physical interface encapsulations, atm-pvc, ethernet-over-atm, and ATM logical interface encapsulations except for atm-vc-mux and ppp-over-ether-over-atm-llc.
• To configure IPv6 addresses on DSL interfaces in ATM or PTM mode, include the family protocol type as inet6.


For more information on supported features and profiles on VDSL2 interfaces, see 1-Port VDSL2 Annex A Mini-Physical Interface Module (SRX-MP-1VDSL2-R).


VDSL2 Network Deployment Topology 


The VDSL2 interface uses either Gigabit Ethernet or fiber as the second mile to connect to the Broadband Remote Access Server (B-RAS). Figure 12 on page 176 shows a typical VDSL2 network topology.

Figure 12: Typical VDSL2 End-to-End Connectivity and Topology Diagram

The ADSL interface uses either Gigabit Ethernet or OC3/DS3 ATM as the second mile to connect to the B-RAS. Figure 13 on page 176 shows a backward-compatible ADSL topology using ATM DSLAM.

Figure 13: Backward-Compatible ADSL Topology (ATM DSLAM)

Example: Configure VDSL2 Interface

In this example, you configure the VDSL2 interface and the VDSL2 interface on VDSL2 Mini-PIMs. On VDSL2 Mini-PIMs, the pt-1/0/0 interface is created by default. You can switch to ADSL mode by configuring at-1/0/0. You can deactivate pt-1/0/0 before you create at-1/0/0, or deactivate at-1/0/0 to create pt-1/0/0. Make sure that you have deleted the previous configurations on pt-1/0/0 and pp0.


In this example:

1. Begin a new configuration on a VDSL2 Mini-PIM.
2. Deactivate previous interfaces and delete the old configuration.
3. Set the interfaces with the VDSL profile and the Layer 3 configuration for the end-to-end data path.
4. Configure the PPPoE on the pt-1/0/0 interface with a static IP address or CHAP authentication with unnumbered IP address (PAP authentication or CHAP authentication).
5. Configure PPPoE on the pt-1/0/0 interface with negotiated IP address (PAP authentication or CHAP authentication).

To configure VDSL2 Interfaces in ADSL mode:

1. Configure the ADSL interface for end-to-end data path.
2. Configure PPPoA on the at-1/0/0 interface with a negotiated IP address and either PAP authentication or CHAP authentication.
3. Configure a static IP address and an unnumbered IP address (and either PAP authentication or CHAP authentication) for PPPoA on the at-1/0/0 interface.
4. Configure PPPoE on the at-1/0/0 interface with a negotiated IP address and either PAP authentication or CHAP authentication.


Table 21 on page 177 specifies the CLI quick configuration commands used for configuring VDSL2 interfaces.

Table 21: CLI Quick Configuration

Configuration Step / CLI Quick Configuration Commands

Configure the VDSL2 interface and enable VLAN tagging

set interfaces pt-1/0/0 vdsl-options vdsl-profile auto
set interfaces pt-1/0/0 vlan-tagging
set interfaces pt-1/0/0 unit 0 vlan-id 100

Begin a new configuration on a VDSL2 Mini-PIM

[edit]
deactivate interface pt-1/0/0
deactivate interface at-1/0/0
delete interface pt-1/0/0
delete interface pp0

Configure VDSL2 Mini-PIM for End-to-End Data Path

set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
set interfaces pt-1/0/0 unit 0 family inet address 11.11.11.1/24

Configure PPPoE on the pt-1/0/0 Interface with a Static IP Address

user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
user@host# set interfaces pp0 unit 0 ppp-options pap access-profile pap_prof local-name locky local-password india passive
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0 auto-reconnect 120 client
user@host# set interfaces pp0 unit 0 family inet address 10.1.1.6/24
user@host# set access profile pap_prof authentication-order password
user@host# set access profile pap_prof client cuttack pap-password india

Configure PPPoE on the pt- Interface with a Static IP Address (CHAP Authentication)

user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
user@host# set interfaces pp0 unit 0 ppp-options chap default-chap-secret india local-name locky passive
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0 auto-reconnect 120 client
user@host# set interfaces pp0 unit 0 family inet address 10.1.1.6/24

Configure PPPoE on the pt-x/x/x Interface with Unnumbered IP (PAP Authentication)

user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
user@host# set interfaces lo0 unit 0 family inet address 10.1.1.24/32
user@host# set interfaces pp0 unit 0 ppp-options pap access-profile pap_prof local-name locky local-password india passive
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0 auto-reconnect 120 client
user@host# set interfaces pp0 unit 0 family inet unnumbered-address lo0.0 destination 10.1.1.1
user@host# set access profile pap_prof authentication-order password
user@host# set access profile pap_prof client cuttack pap-password india

Configure PPPoE on the pt-1/0/0 Interface with Unnumbered IP (CHAP Authentication)

user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
user@host# set interfaces lo0 unit 0 family inet address 10.1.1.24/32
user@host# set interfaces pp0 unit 0 ppp-options chap default-chap-secret india local-name locky passive
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0 auto-reconnect 120 client
user@host# set interfaces pp0 unit 0 family inet unnumbered-address lo0.0 destination 10.1.1.1

Configure PPPoE on the pt-1/0/0 Interface with Negotiated IP (PAP Authentication)

user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
user@host# set interfaces pp0 unit 0 ppp-options pap access-profile my_prf local-name purple local-password <password> passive
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0 auto-reconnect 120 client
user@host# set interfaces pp0 unit 0 family inet negotiate-address
user@host# set access profile my_prf authentication-order password
user@host# set access profile my_prf

Configure PPPoE on the pt-1/0/0 Interface with Negotiated IP (CHAP Authentication)

user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
user@host# set interfaces pp0 unit 0 ppp-options chap default-chap-secret <password> local-name purple passive
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0 auto-reconnect 120 client
user@host# set interfaces pp0 unit 0 family inet negotiate-address

Configure the VDSL2 Interface and Enable VLAN Tagging
In this example, you create a VDSL2 interface called pt-1/0/0 and set the VDSL2 profile to auto. For more information on basic connectivity, refer to the Quick Start Guide; to configure network interfaces, refer to “Example: Creating an Ethernet Interface” on page 208. To configure the VDSL2 interfaces and enable VLAN tagging:

1. Create an interface.

[edit]
user@host# edit interfaces pt-1/0/0

2. Set the VDSL2 profile type.

[edit interfaces pt-1/0/0]
user@host# set vdsl-options vdsl-profile auto

3. Specify the logical unit to connect to the physical VDSL2 interface.

[edit interfaces pt-1/0/0]
user@host# set unit 0

4. Specify the family protocol type.

[edit interfaces pt-1/0/0]
user@host# set unit 0 family inet address 100.100.100.1/24

5. Enable VLAN tagging on the pt- interface.

[edit interfaces pt-1/0/0]
user@host# set vlan-tagging

6. Specify the VLAN ID value.

[edit interfaces pt-1/0/0]
user@host# set unit 0 vlan-id 100

7. Commit the configuration.

VDSL2 is supported only on the pt- interface. The range of VLANs that can be configured is 0 to 4093.

Similarly, you can configure the VDSL2 interface on Annex B (integrated VDSL2 interfaces in ADSL backward compatible mode). After completing the configuration successfully, view the parameters by using the show interfaces pt-1/0/0 command.


Configure VDSL2 Interface with VDSL2 Mini-PIMs 


This example uses VDSL2 Mini-PIMs. Figure 14 on page 181 shows typical SRX Series devices with VDSL2 Mini-PIM network connections.

Figure 14: SRX Series Device with VDSL2 Mini-PIMs in an End-to-End Deployment Scenario

To view the CLI quick configuration commands, see Table 21 on page 177.

To begin a new configuration on a VDSL2 Mini-PIM:

1. Deactivate any previous interfaces.

[edit]
user@host# deactivate interface pt-1/0/0
user@host# deactivate interface at-1/0/0

2. Delete any old configurations.

[edit]
user@host# delete interface pt-1/0/0
user@host# delete interface pp0

3. Commit the configuration.

Use the show chassis fpc command to see the output of the configuration.

Configure the VDSL2 Mini-PIM for End-to-End Data Path

To configure the VDSL2 Mini-PIM for end-to-end data path:

1. Configure the interfaces with the VDSL profile and the Layer 3 configuration for the end-to-end data path.

[edit]
user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 family inet address 11.11.11.1/24

2. Commit the configuration.

Use the show interfaces pt-1/0/0 command to see the output of the configuration.

Configure PPPoE on the pt-1/0/0 Interface with a Static IP Address

To configure the PPPoE on the pt-1/0/0 interface with a static IP address:

1. Configure the VDSL options and encapsulation for the interface.

[edit]
user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether

2. Configure the PPP options for the interface.

[edit]
user@host# set interfaces pp0 unit 0 ppp-options pap access-profile pap_prof
user@host# set interfaces pp0 unit 0 ppp-options pap local-name locky
user@host# set interfaces pp0 unit 0 ppp-options pap local-password india
user@host# set interfaces pp0 unit 0 ppp-options pap passive

3. Configure the PPPoE options for the interface.

[edit]
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
user@host# set interfaces pp0 unit 0 pppoe-options auto-reconnect 120
user@host# set interfaces pp0 unit 0 pppoe-options client

4. Configure the IP address for the interface.

[edit]
user@host# set interfaces pp0 unit 0 family inet address 10.1.1.6/24

5. Configure the access profile for the interface.

[edit]
user@host# set access profile pap_prof authentication-order password
user@host# set access profile pap_prof client cuttack pap-password india

6. Commit the configuration.

Use the show interfaces pp0, show interfaces pt-1/0/0, and show access profile pap_prof commands to see the output of the configuration.

Configure PPPoE on the pt-1/0/0 Interface with a Static IP Address (CHAP Authentication)

To configure the PPPoE on the pt-1/0/0 interface with a static IP address (CHAP authentication):

1. Configure the VDSL options and encapsulation for the interface.

[edit]
user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether

2. Configure the PPP options for the interface.

[edit]
user@host# set interfaces pp0 unit 0 ppp-options chap default-chap-secret india
user@host# set interfaces pp0 unit 0 ppp-options chap local-name locky
user@host# set interfaces pp0 unit 0 ppp-options chap passive

3. Configure the PPPoE options for the interface.

[edit]
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
user@host# set interfaces pp0 unit 0 pppoe-options auto-reconnect 120
user@host# set interfaces pp0 unit 0 pppoe-options client

4. Configure the IP address for the interface.

[edit]
user@host# set interfaces pp0 unit 0 family inet address 10.1.1.6/24

5. Commit the configuration.

Use the show interfaces pt-1/0/0 and show interfaces pp0 commands to see the output of the configuration.

Configure PPPoE on the pt-x/x/x Interface with Unnumbered IP (PAP Authentication)

To configure PPPoE on the pt-1/0/0 interface with unnumbered IP (PAP authentication):

1. Configure the VDSL options and encapsulation for the interface.

[edit]
user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether

2. Configure the IP address for the interface.

[edit]
user@host# set interfaces lo0 unit 0 family inet address 10.1.1.24/32

3. Configure the PPP options for the interface.

[edit]
user@host# set interfaces pp0 unit 0 ppp-options pap access-profile pap_prof
user@host# set interfaces pp0 unit 0 ppp-options pap local-name locky
user@host# set interfaces pp0 unit 0 ppp-options pap local-password india
user@host# set interfaces pp0 unit 0 ppp-options pap passive

4. Configure the PPPoE options for the interface.

[edit]
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
user@host# set interfaces pp0 unit 0 pppoe-options auto-reconnect 120
user@host# set interfaces pp0 unit 0 pppoe-options client

5. Configure the unnumbered address and destination for the interface.

[edit]
user@host# set interfaces pp0 unit 0 family inet unnumbered-address lo0.0
user@host# set interfaces pp0 unit 0 family inet unnumbered-address lo0.0 destination 10.1.1.1

6. Configure the access profile for the interface.

[edit]
user@host# set access profile pap_prof authentication-order password
user@host# set access profile pap_prof client cuttack pap-password india

7. Commit the configuration.

Use the show interfaces lo0, show interfaces pt-1/0/0, and show interfaces pp0 commands to see the output of the configuration.

Configuring PPPoE on the pt-1/0/0 Interface with Unnumbered IP (CHAP Authentication)

To configure PPPoE on the pt-1/0/0 interface with unnumbered IP (CHAP authentication):

1. Configure the VDSL options and encapsulation for the interface.

[edit]
user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether

2. Configure the IP address for the interface.

[edit]
user@host# set interfaces lo0 unit 0 family inet address 10.1.1.24/32

3. Configure the PPP options for the interface.

[edit]
user@host# set interfaces pp0 unit 0 ppp-options chap default-chap-secret india
user@host# set interfaces pp0 unit 0 ppp-options chap local-name locky
user@host# set interfaces pp0 unit 0 ppp-options chap passive

4. Configure the PPPoE options for the interface.

[edit]
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
user@host# set interfaces pp0 unit 0 pppoe-options auto-reconnect 120
user@host# set interfaces pp0 unit 0 pppoe-options client

5. Configure the unnumbered address and destination for the interface.

[edit]
user@host# set interfaces pp0 unit 0 family inet unnumbered-address lo0.0
user@host# set interfaces pp0 unit 0 family inet unnumbered-address lo0.0 destination 10.1.1.1

6. Commit the configuration.

Use the show interfaces pp0, show interfaces pt-1/0/0, and show interfaces lo0 commands to see the output of the configuration.


Configure PPPoE on the pt-1/0/0 Interface with Negotiated IP (PAP Authentication)

To configure PPPoE on the pt-1/0/0 interface with negotiated IP (PAP authentication):

1. Configure the VDSL options and encapsulation for the interface.

[edit]
user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether

2. Configure the PPP options for the interface.

[edit]
user@host# set interfaces pp0 unit 0 ppp-options pap access-profile my_prf
user@host# set interfaces pp0 unit 0 ppp-options pap local-name purple
user@host# set interfaces pp0 unit 0 ppp-options pap local-password <password>
user@host# set interfaces pp0 unit 0 ppp-options pap passive

3. Configure the PPPoE options for the interface.

[edit]
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
user@host# set interfaces pp0 unit 0 pppoe-options auto-reconnect 120
user@host# set interfaces pp0 unit 0 pppoe-options client

4. Configure the negotiated IP address for the interface.

[edit]
user@host# set interfaces pp0 unit 0 family inet negotiate-address

5. Configure the access profile for the interface.

[edit]
user@host# set access profile my_prf authentication-order password
user@host# set access profile my_prf

6. Commit the configuration.

Use the show interfaces pt-1/0/0, show interfaces pp0, and show access profile my_prf commands to see the output of the configuration.

Configure PPPoE on the pt-1/0/0 Interface with Negotiated IP (CHAP Authentication)

To configure PPPoE on the pt-1/0/0 interface with negotiated IP (CHAP authentication):

1. Configure the VDSL options and encapsulation for the interface.

[edit]
user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether

2. Configure the PPP options for the interface.

[edit]
user@host# set interfaces pp0 unit 0 ppp-options chap default-chap-secret <password>
user@host# set interfaces pp0 unit 0 ppp-options chap local-name purple
user@host# set interfaces pp0 unit 0 ppp-options chap passive

3. Configure the PPPoE options for the interface.

[edit]
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
user@host# set interfaces pp0 unit 0 pppoe-options auto-reconnect 120
user@host# set interfaces pp0 unit 0 pppoe-options client

4. Configure the negotiated IP address for the interface.

[edit]
user@host# set interfaces pp0 unit 0 family inet negotiate-address

5. Commit the configuration.

Use the show interfaces pp0 and show interfaces pt-1/0/0 commands to see the output of the configuration. Similarly, you can configure the integrated VDSL2 interfaces, Annex B, in ADSL backward compatible mode and view the result by using the show interfaces pt-1/0/0 command.
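
The procedures above share a few dependencies that are easy to break when commands are copied between variants: the 0 to 4093 VLAN range, vlan-tagging alongside vlan-id, ppp-over-ether on the unit that pp0 names as its underlying interface, a defined access profile for PAP, and pt-1/0/0 versus at-1/0/0. The following Python is an added example, not Juniper tooling; the rule names, the function names, and the broken sample are hypothetical, and redact() is included so a configuration can be shared without its PAP/CHAP secrets.

```python
import re

SECRET_KEYS = ("local-password", "default-chap-secret", "pap-password")

# Static-IP PPPoE with PAP, as given in the procedure on this page.
PAGE_CONFIG = """\
user@host# set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
user@host# set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
user@host# set interfaces pp0 unit 0 ppp-options pap access-profile pap_prof
user@host# set interfaces pp0 unit 0 ppp-options pap local-name locky
user@host# set interfaces pp0 unit 0 ppp-options pap local-password india
user@host# set interfaces pp0 unit 0 ppp-options pap passive
user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
user@host# set interfaces pp0 unit 0 pppoe-options auto-reconnect 120
user@host# set interfaces pp0 unit 0 pppoe-options client
user@host# set interfaces pp0 unit 0 family inet address 10.1.1.6/24
user@host# set access profile pap_prof authentication-order password
user@host# set access profile pap_prof client cuttack pap-password india
"""

# Constructed broken variant (not from the page) that trips every rule.
BROKEN_CONFIG = """\
set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
set interfaces pt-1/0/0 unit 0 vlan-id 4094
set interfaces at-1/0/0 encapsulation ethernet-over-atm
set interfaces pp0 unit 0 ppp-options pap access-profile pap_prof
set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
"""


def statements(config):
    """Yield the words of each 'set' statement, dropping any CLI prompt."""
    for raw in config.splitlines():
        line = re.sub(r"^\s*\S+@\S+#\s*", "", raw).strip()
        if line.startswith("set "):
            yield line.split()[1:]


def value_after(words, key):
    """Return the word following key, or None if key is absent or last."""
    if key in words[:-1]:
        return words[words.index(key) + 1]
    return None


def lint(config):
    """Return a list of 'RULE: detail' findings for a set-format config."""
    tagging, vlan_ids, encaps = set(), [], {}
    underlying, pap_profiles, profiles, ifnames = [], set(), set(), set()
    for w in statements(config):
        if w[0] == "interfaces" and len(w) >= 3:
            ifd, rest = w[1], w[2:]
            ifnames.add(ifd)
            if rest == ["vlan-tagging"]:
                tagging.add(ifd)
            if rest[0] == "unit" and len(rest) >= 3:
                unit, body = rest[1], rest[2:]
                if body[0] == "vlan-id":
                    vlan_ids.append((ifd, value_after(body, "vlan-id")))
                if body[0] == "encapsulation":
                    encaps[(ifd, unit)] = value_after(body, "encapsulation")
                if value_after(body, "underlying-interface"):
                    underlying.append(value_after(body, "underlying-interface"))
                if body[:2] == ["ppp-options", "pap"] and value_after(body, "access-profile"):
                    pap_profiles.add(value_after(body, "access-profile"))
        elif w[:2] == ["access", "profile"] and len(w) >= 3:
            profiles.add(w[2])

    out = []
    for ifd, vid in vlan_ids:
        if vid is None or not vid.isdigit() or not 0 <= int(vid) <= 4093:
            out.append("VLAN_RANGE: %s vlan-id %s is outside 0-4093" % (ifd, vid))
        if ifd not in tagging:
            out.append("VLAN_TAGGING: %s has a vlan-id but no vlan-tagging" % ifd)
    for ifl in underlying:
        ifd, _, unit = ifl.partition(".")
        if encaps.get((ifd, unit or "0")) != "ppp-over-ether":
            out.append("PPPOE_ENCAP: %s lacks encapsulation ppp-over-ether" % ifl)
    for name in sorted(pap_profiles - profiles):
        out.append("PAP_PROFILE: access profile %s is referenced but not defined" % name)
    for ifd in sorted(ifnames):
        if ifd.startswith("pt-") and "at-" + ifd[3:] in ifnames:
            out.append("MODE_CONFLICT: %s and at-%s are both configured" % (ifd, ifd[3:]))
    return out


def redact(config):
    """Replace the value after each secret-bearing keyword with <redacted>."""
    keys = "|".join(re.escape(k) for k in SECRET_KEYS)
    return re.sub(r"\b(%s)\s+\S+" % keys, r"\1 <redacted>", config)


if __name__ == "__main__":
    for finding in lint(BROKEN_CONFIG):
        print(finding)
    print(redact(PAGE_CONFIG))
```
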


Verification 


Purpose 


Display information about the parameters configured on the VDSL2 interface. 


Action 


• To display information about the parameters configured on the VDSL2 interface connected to the DSLAM operating in Annex A, and to display details of VLAN tagging:

user@host> show interfaces pt-1/0/0

Physical interface: pt-1/0/0, Enabled, Physical link is Up
  Interface index: 146, SNMP ifIndex: 524, Generation: 149
  Type: PIM, Link-level type: Ethernet, MTU: 1496, VDSL mode, Speed: 45440kbps
  Speed: VDSL2
  Device flags   : Present Running
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 00:b1:7e:85:84:ff
  Last flapped   : 2009-10-13 11:56:50 PDT (12:32:49 ago)
  Statistics last cleared: 2009-10-14 00:29:37 PDT (00:00:02 ago)
  Traffic statistics:
   Input  bytes  :   22438962   97070256 bps
   Output bytes  :   10866024   43334088 bps
   Input  packets:      15141       8187 pps
   Output packets:       7332       3655 pps
  Input errors:
    Errors: 0, Drops: 0, Policed discards: 0, L3 incompletes: 0,
    L2 channel errors: 0, L2 mismatch timeouts: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 0, Errors: 0, Drops: 0, Aged packets: 0, MTU errors: 0,
    Resource errors: 0
  Egress queues: 8 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets  Dropped packets
    0 best-effort                 6759                 6760                0
    1 expedited-fo                   0                    0                0
    2 assured-forw                   0                    0                0
    3 network-cont                   0                    0                0
  VDSL alarms   : None
  VDSL defects  : None
  VDSL media:            Seconds        Count  State
    LOF                        0            0  OK
    LOS                        0            0  OK
    LOM                        0            0  OK
    LOP                        0            0  OK
    LOCDI                      0            0  OK
    LOCDNI                     0            0  OK
  VDSL status:
    Modem status  : Showtime (Profile-17a)
    VDSL profile  : Profile-17a Annex A
    Last fail code: None
    Subfunction   : 0x00
    Seconds in showtime : 45171


SIONQUEM SOND Kat se paced cy once ese acer ery DRA One e OED Ries cee tea 0 each eA Gar care taerieth Oerccie BeBe ea 


Similarly, you can verify the VDSL2 interface on Annex B mode by using the show interfaces pt-1/0/0 command.

user@host> show interfaces pt-1/0/0

vlan-tagging;
vdsl-options {
    vdsl-profile auto;
}
unit 0 {
    vlan-id 100;
    family inet {
        address 100.100.100.1/24;
    }
}

• Verify the FPC status by entering the show chassis fpc command. The VDSL2 Mini-PIM is installed in the first slot of the SRX320 device chassis; therefore, use fpc 1. For SRX340 devices, use the FPCs fpc 1, fpc 2, fpc 3, or fpc 4.

user@host> show chassis fpc

                     Temp  CPU Utilization (%)   Memory    Utilization (%)
Slot State            (C)  Total  Interrupt      DRAM (MB) Heap     Buffer
  0  Online       -------------------- CPU less FPC --------------------
  1  Online       -------------------- CPU less FPC --------------------













• Verify the status of the interface, the modem status, the time in seconds, and the VDSL profile of the DSLAM by using the run show interface pt-1/0/0 command.

user@host> show interface pt-1/0/0

Physical interface: pt-1/0/0, Enabled, Physical link is Up
  Interface index: 146, SNMP ifIndex: 524, Generation: 149
  Type: PIM, Link-level type: Ethernet, MTU: 1496, VDSL mode, Speed: 45440kbps
  Speed: VDSL2
  Device flags   : Present Running
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 00:b1:7e:85:84:ff
  Last flapped   : 2009-10-13 11:56:50 PDT (12:32:49 ago)
  Statistics last cleared: 2009-10-14 00:29:37 PDT (00:00:02 ago)
  Traffic statistics:
   Input  bytes  :   22438962   97070256 bps
   Output bytes  :   10866024   43334088 bps
   Input  packets:      15141       8187 pps
   Output packets:       7332       3655 pps
  Input errors:
    Errors: 0, Drops: 0, Policed discards: 0, L3 incompletes: 0,
    L2 channel errors: 0, L2 mismatch timeouts: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 0, Errors: 0, Drops: 0, Aged packets: 0, MTU errors: 0,
    Resource errors: 0
  Egress queues: 8 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets  Dropped packets
    0 best-effort                 6759                 6760                0
    1 expedited-fo                   0                    0                0
    2 assured-forw                   0                    0                0
    3 network-cont                   0                    0                0
  VDSL alarms   : None
  VDSL defects  : None
  VDSL media:            Seconds        Count  State
    LOF                        0            0  OK
    LOS                        0            0  OK
    LOM                        0            0  OK
    LOP                        0            0  OK
    LOCDI                      0            0  OK
    LOCDNI                     0            0  OK
  VDSL status:
    Modem status  : Showtime (Profile-17a)
    VDSL profile  : Profile-17a Annex A
    Last fail code: None
    Subfunction   : 0x00
    Seconds in showtime : 45171


iG Oi been Shemech ese comes stomicee ces so cnspseenee sme cre emo actrees connote uerenoren acm sa esuen som aerore 
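
The fields this verification step asks you to read (link state, VDSL alarms and defects, the VDSL media counters, modem status) can be checked mechanically against captured output. The following Python is an added example, not Juniper code; the sample text is constructed from the field names and values shown above, the non-OK strings in the degraded sample are illustrative, and treating Showtime as the healthy modem state is an assumption taken from that output.

```python
import re

# Constructed sample: abridged `show interfaces pt-1/0/0` output using the
# field names and values that appear on this page.
SAMPLE_OK = """\
Physical interface: pt-1/0/0, Enabled, Physical link is Up
  VDSL alarms : None
  VDSL defects : None
  VDSL media: Seconds Count State
    LOF 0 0 OK
    LOS 0 0 OK
    LOM 0 0 OK
    LOP 0 0 OK
    LOCDI 0 0 OK
    LOCDNI 0 0 OK
  VDSL status:
    Modem status : Showtime (Profile-17a)
    VDSL profile : Profile-17a Annex A
    Last fail code: None
    Seconds in showtime : 45171
"""

# Constructed degraded variant; the replaced values are illustrative only.
SAMPLE_BAD = (SAMPLE_OK
              .replace("Physical link is Up", "Physical link is Down")
              .replace("VDSL defects : None", "VDSL defects : LOS")
              .replace("LOS 0 0 OK", "LOS 12 3 NOK")
              .replace("Showtime (Profile-17a)", "Training"))

HEADER = re.compile(r"Physical interface: ([^,\s]+), (\w+), Physical link is (\w+)")
FIELD = re.compile(r"^\s*(VDSL alarms|VDSL defects|Modem status|VDSL profile|"
                   r"Last fail code|Seconds in showtime)\s*:\s*(.*\S)\s*$")
MEDIA = re.compile(r"^\s*(LOF|LOS|LOM|LOP|LOCDI|LOCDNI)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")


def parse_show_interface(text):
    """Extract the header, the labelled fields and the VDSL media rows."""
    info = {"fields": {}, "media": {}}
    for line in text.splitlines():
        header = HEADER.search(line)
        media = MEDIA.match(line)
        field = FIELD.match(line)
        if header:
            info["name"], info["admin"], info["link"] = header.groups()
        elif media:
            name, seconds, count, state = media.groups()
            info["media"][name] = (int(seconds), int(count), state)
        elif field:
            info["fields"][field.group(1)] = field.group(2)
    return info


def health_findings(info):
    """Return 'CODE: detail' strings for every check that does not pass."""
    fields, out = info["fields"], []
    if info.get("admin") != "Enabled":
        out.append("ADMIN: interface is %s" % info.get("admin"))
    if info.get("link") != "Up":
        out.append("LINK: physical link is %s" % info.get("link"))
    for key in ("VDSL alarms", "VDSL defects"):
        if fields.get(key) != "None":
            code = key.upper().replace(" ", "_")
            out.append("%s: %s" % (code, fields.get(key, "field missing")))
    if not fields.get("Modem status", "").startswith("Showtime"):
        out.append("MODEM: status is %r" % fields.get("Modem status"))
    for name, (seconds, count, state) in sorted(info["media"].items()):
        if state != "OK" or seconds or count:
            out.append("MEDIA_%s: %d s, count %d, state %s"
                       % (name, seconds, count, state))
    return out


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("degraded", SAMPLE_BAD)):
        print(label, health_findings(parse_show_interface(sample)))
```
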


• To display all the parameters configured on the VDSL2 Mini-PIM for end-to-end data path:

user@host> show interfaces pt-1/0/0 terse

Interface               Admin Link Proto    Local                 Remote
pt-1/0/0                up    up
pt-1/0/0.0              up    up   inet     11.11.11.1/24

[edit]
user@host# run ping 11.11.11.2 count 1000 rapid
PING 11.11.11.2 (11.11.11.2): 56 data bytes


WOU UU ID DIDCOT Se TSO eTOCs ea a tt 


--- 11.11.11.2 ping statistics ---
1000 packets transmitted, 1000 packets received, 0% packet loss 
round-trip min/avg/max/stddev = 16.109/17.711/28.591/2.026 ms 


user@host> show interfaces pt-1/0/0 extensive

Physical interface: pt-1/0/0, Enabled, Physical link is Up
  Interface index: 146, SNMP ifIndex: 524, Generation: 197
  Type: PTM, Link-level type: Ethernet, MTU: 1496, VDSL mode, Speed: 45440kbps
  Speed: VDSL2
  Device flags   : Present Running
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 00:b1:7e:85:84:ff
  Last flapped   : AWOQ—1LO=28 WOssas2z2o edt (OWsilZs0s age)
  Statistics last cleared: 2009-10-28 00:47:56 PDT (00:00:36 ago)
  Traffic statistics:
   Input  bytes  :      84000          0 bps
   Output bytes  :     138000          0 bps
   Input  packets:       1000          0 pps
   Output packets:       1000          0 pps
  Input errors:
    Errors: 0, Drops: 0, Policed discards: 0, L3 incompletes: 0, L2 channel
    errors: 0, L2 mismatch timeouts: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 0, Errors: 0, Drops: 0, Aged packets: 0, MTU errors: 0,
    Resource errors: 0
  Egress queues: 8 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets  Dropped packets
    0 best-effort                 1000                 1000                0
    1 expedited-fo                   0                    0                0
    2 assured-forw                   0                    0                0
    3 network-cont                   0                    0                0
  VDSL alarms   : None
  VDSL defects  : None
  VDSL media:            Seconds        Count  State
    LOF                        0            0  OK
    LOS                        0            0  OK
    LOM                        0            0  OK
    LOP                        0            0  OK
    LOCDI                      0            0  OK
    LOCDNI                     0            0  OK
  VDSL status:
    Modem status  : Showtime (Profile-17a)
    VDSL profile  : Profile-17a Annex A
    Last fail code: None


• To display the PPPoE on the pt-1/0/0 interface with a static IP address:

user@host> show interfaces pp0

Physical interface: pp0, Enabled, Physical link is Up
  Interface index: 128, SNMP ifIndex: 510
  Type: PPPoE, Link-level type: PPPoE, MTU: 1532
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps
  Link type      : Full-Duplex
  Link flags     : None
  Input packets : 0
  Output packets: 0

  Logical interface pp0.0 (Index 71) (SNMP ifIndex 522)
    Flags: Hardware-Down Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE
    PPPoE:
      State: SessionDown, Session ID: None,
      Configured AC name: None, Service name: None,
      Auto-reconnect timeout: 120 seconds, Idle timeout: Never,
      Underlying interface: pt-1/0/0.0 (Index 69)
    Input packets : 57
    Output packets: 56
    Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
    Keepalive: Input: 22 (00:00:40 ago), Output: 25 (00:00:04 ago)
    LCP state: Down

user@host> show interfaces pt-1/0/0 terse

Interface               Admin Link Proto    Local                 Remote
pt-1/0/0                up    up
pt-1/0/0.0              up    up

[edit]
user@host# run show interfaces pp0 terse
Interface               Admin Link Proto    Local                 Remote
pp0                     up    up
pp0.0                   up    up   inet     10.1.1.6/24

[edit]
user@host# run ping 10.1.1.1 count 100 rapid
PING 10.1.1.1 (10.1.1.1): 56 data bytes


(ATO IAEA DOT DUST Tee DST Ieee eT DA CID eT DST GIO DS See Use oth 


= i@. 1.1.1 pimg statisties —<-= 
100 packets transmitted, 100 packets received, 0% packet loss 
round-trip min/avg/max/stddev = 14.669/15.649/21.655/1.740 ms 


• To display PPPoE on the pt-1/0/0 Interface with a Static IP Address (CHAP Authentication)

user@host> show interfaces pp0

Physical interface: pp0, Enabled, Physical link is Up
Interface index: 128, SNMP ifIndex: 510
Type: PPPoE, Link-level type: PPPoE, MTU: 1532
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps
Link type : Full-Duplex
Link flags : None
Input packets : 0
Output packets: 0

Logical interface pp0.0 (Index 70) (SNMP ifIndex 522)
Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE
PPPoE:
State: SessionUp, Session ID: 31,
Session AC name: cuttack, Remote MAC address: 00:03:6c:c8:8c:55,
Configured AC name: None, Service name: None,
Auto-reconnect timeout: 120 seconds, Idle timeout: Never,
Underlying interface: pt-1/0/0.0 (Index 69)
Input packets : 12
Output packets: 10
Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
Keepalive: Input: 1 (00:00:08 ago), Output: 0 (never)
LCP state: Opened
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls:
Not-configured
CHAP state: Success
PAP state: Closed
Security: Zone: Null
REOCOCel aimsic, Wars idéleZ
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
Destination: 10.1.1/24, Local: 10.1.1.6

user@host> show interfaces pt-1/0/0 terse

Interface               Admin Link Proto    Local                 Remote
pt-1/0/0                up    up
pt-1/0/0.0              up    up

user@host> show interfaces pp0 terse

Interface               Admin Link Proto    Local                 Remote
pp0                     up    up
pp0.0                   up    up   inet     10.1.1.6/24

user@host> ping 10.1.1.1 count 100 rapid

PING 10.1.1.1 (10.1.1.1): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--- 10.1.1.1 ping statistics ---
100 packets transmitted, 100 packets received, 0% packet loss
round-trip min/avg/max/stddev = 14.608/15.466/25.939/1.779 ms


• To display the PPPoE on the pt-1/0/0 Interface with Unnumbered IP (PAP Authentication)

user@host> show interfaces pp0

Physical interface: pp0, Enabled, Physical link is Up
Interface index: 128, SNMP ifIndex: 510
Type: PPPoE, Link-level type: PPPoE, MTU: 1532
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps
Link type : Full-Duplex
Link flags : None
Input packets : 0
Output packets: 0

Logical interface pp0.0 (Index 72) (SNMP ifIndex 522)
Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE
PPPoE:
State: SessionUp, Session ID: 33,
Session AC name: cuttack, Remote MAC address: 00:03:6c:c8:8c:55,
Configured AC name: None, Service name: None,
Auto-reconnect timeout: 120 seconds, Idle timeout: Never,
Underlying interface: pt-1/0/0.0 (Index 69)
Input packets : 22
Output packets: 20
Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
Keepalive: Input: 1 (00:00:08 ago), Output: 0 (never)
LCP state: Opened
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls:
Not-configured
CHAP state: Closed
PAP state: Success
Security: Zone: Null
IECGIEOCOI ainsie, Ware idéle2
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
DeSicdinsicioms IO i,t, hocaile 10,1,1,.24

user@host> show interfaces pt-1/0/0 terse

Interface               Admin Link Proto    Local                 Remote
pt-1/0/0                up    up
pt-1/0/0.0              up    up

user@host> show interfaces pp0 terse

Interface               Admin Link Proto    Local                 Remote
pp0                     up    up
ppo.0 up up inet ALO) hg dt eae ==> 1@.i.i.4

user@host> ping 10.1.1.1 count 100 rapid

PING 10.1.1.1 (10.1.1.1): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--- 10.1.1.1 ping statistics ---
100 packets transmitted, 100 packets received, 0% packet loss
round-trip min/avg/max/stddev = 14.584/15.503/21.204/1.528 ms


• To display the PPPoE on the pt-1/0/0 Interface with Unnumbered IP (CHAP Authentication)

user@host> show interfaces pp0

Physical interface: pp0, Enabled, Physical link is Up
Interface index: 128, SNMP ifIndex: 510
Type: PPPoE, Link-level type: PPPoE, MTU: 1532
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps
Link type : Full-Duplex
Link flags : None
Input packets : 0
Output packets: 0

Logical interface pp0.0 (Index 70) (SNMP ifIndex 522)
Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE
PPPoE:
State: SessionUp, Session ID: 35,
Session AC name: cuttack, Remote MAC address: 00:03:6c:c8:8c:55,
Configured AC name: None, Service name: None,
Auto-reconnect timeout: 120 seconds, Idle timeout: Never,
Underlying interface: pt-1/0/0.0 (Index 69)
Input packets : 25
Output packets: 22
Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
Keepalive: Input: 2 (00:00:10 ago), Output: 2 (00:00:02 ago)
LCP state: Opened
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls:
Not-configured
CHAP state: Success
PAP state: Closed
Security: Zone: Null
PieOooeol ainsic, Wires i4le2
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
Desicdinsiciems IO l,i, mocaie 10,1,1,.24

user@host> show interfaces pt-1/0/0 terse

Interface               Admin Link Proto    Local                 Remote
pt-1/0/0                up    up
pt-1/0/0.0              up    up

user@host> show interfaces pp0 terse

Interface               Admin Link Proto    Local                 Remote
pp0                     up    up
ppo.0 up up inet AO) th I ae == 10.1.1.

user@host> ping 10.1.1.1 count 100 rapid

PING 10.1.1.1 (10.1.1.1): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--- 10.1.1.1 ping statistics ---
100 packets transmitted, 100 packets received, 0% packet loss
round-trip min/avg/max/stddev = 14.585/16.025/22.354/2.019 ms


• To display PPPoE on the pt-1/0/0 Interface with Negotiated IP (PAP Authentication)

user@host> show interfaces pp0

Physical interface: pp0, Enabled, Physical link is Up
Interface index: 128, SNMP ifIndex: 510
Type: PPPoE, Link-level type: PPPoE, MTU: 1532
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps
Link type : Full-Duplex
Link flags : None
Input packets : 0
Output packets: 0

Logical interface pp0.0 (Index 72) (SNMP ifIndex 522)
Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE
PPPoE:
State: SessionUp, Session ID: 4,
Session AC name: belur, Remote MAC address: 00:90:1a:43:18:d1,
Configured AC name: None, Service name: None,
Auto-reconnect timeout: 120 seconds, Idle timeout: Never,
Underlying interface: pt-1/0/0.0 (Index 69)
Input packets : 18
Output packets: 18
Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
Keepalive: Input: 0 (never), Output: 11 (00:00:01 ago)
LCP state: Opened
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls:
Not-configured
CHAP state: Closed
PAP state: Success
Security: Zone: Null
Protocol inet, MTU: 1474
Flags: Negotiate-Address
Addresses, Flags: Kernel Is-Preferred Is-Primary
Destination: 12.12.12.1, Local: 12.12.12.11

user@host> show interfaces pt-1/0/0 terse

Interface               Admin Link Proto    Local                 Remote
pt-1/0/0                up    up
pt-1/0/0.0              up    up

user@host> show interfaces pp0 terse

Interface               Admin Link Proto    Local                 Remote
pp0                     up    up
pp0.0                   up    up   inet     12.12.12.11       --> 12.12.12.1

user@host> ping 12.12.12.1 count 100 rapid

PING 12.12.12.1 (12.12.12.1): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--- 12.12.12.1 ping statistics ---
100 packets transmitted, 100 packets received, 0% packet loss
round-trip min/avg/max/stddev = 16.223/17.692/24.359/2.292 ms


• To display the PPPoE on the pt-1/0/0 Interface with Negotiated IP (CHAP Authentication)

user@host> show interfaces pp0

Physical interface: pp0, Enabled, Physical link is Up
Interface index: 128, SNMP ifIndex: 510
Type: PPPoE, Link-level type: PPPoE, MTU: 1532
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps
Link type : Full-Duplex
Link flags : None
Input packets : 0
Output packets: 0

Logical interface pp0.0 (Index 70) (SNMP ifIndex 522)
Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE
PPPoE:
State: SessionUp, Session ID: 8,
Session AC name: belur, Remote MAC address: 00:90:1a:43:18:d1,
Configured AC name: None, Service name: None,
Auto-reconnect timeout: 120 seconds, Idle timeout: Never,
Underlying interface: pt-1/0/0.0 (Index 69)
Input packets : 12
Output packets: 11
Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
Keepalive: Input: 0 (never), Output: 4 (00:00:03 ago)
LCP state: Opened
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls:
Not-configured
CHAP state: Success
PAP state: Closed
Security: Zone: Null
Protocol inet, MTU: 1474
Flags: Negotiate-Address
Addresses, Flags: Kernel Is-Preferred Is-Primary
Destination: 12.12.12.1, Local: 12.12.12.12

user@host> show interfaces pt-1/0/0 terse

Interface               Admin Link Proto    Local                 Remote
pt-1/0/0                up    up
pt-1/0/0.0              up    up

user@host> show interfaces pp0 terse

Interface               Admin Link Proto    Local                 Remote
pp0                     up    up
pp0.0                   up    up   inet     12.12.12.12       --> 12.12.12.1

user@host> ping 12.12.12.1 count 100 rapid

PING 12.12.12.1 (12.12.12.1): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--- 12.12.12.1 ping statistics ---
100 packets transmitted, 100 packets received, 0% packet loss
round-trip min/avg/max/stddev = 16.168/17.452/23.299/2.016 ms
Ethernet is a Layer 2 technology, operating in a shared bus topology, that uses best-effort delivery to 
broadcast traffic. The topics below give an overview of Ethernet interfaces on security devices and cover 
static ARP entries, creating and deleting an Ethernet interface, and enabling and disabling promiscuous 
mode on these interfaces. 


| Understanding Ethernet Interfaces 


IN THIS SECTION 


Ethernet Access Control and Transmission 
Collisions and Detection 
Collision Domains and LAN Segments 
Broadcast Domains 
Ethernet Frames 


Ethernet is a Layer 2 technology that operates in a shared bus topology. Ethernet supports broadcast 
transmission, uses best-effort delivery, and has distributed access control. Ethernet is a point-to-multipoint 
technology. 
In a shared bus topology, all devices connect to a single, shared physical link through which all data 
transmissions are sent. All traffic is broadcast so that all devices within the topology receive every 
transmission. The devices within a single Ethernet topology make up a broadcast domain. 


Ethernet uses best-effort delivery to broadcast traffic. The physical hardware provides no information to 
the sender about whether the traffic was received. If the receiving host is offline, traffic to the host is lost. 
Although the Ethernet data link protocol does not inform the sender about lost packets, higher layer 
protocols such as TCP/IP might provide this type of notification. 


This topic contains the following sections: 


Ethernet Access Control and Transmission 


Ethernet's access control is distributed because Ethernet has no central mechanism that grants access to 
the physical medium within the network. Instead, Ethernet uses carrier-sense multiple access with collision 
detection (CSMA/CD). Because multiple devices on an Ethernet network can access the physical medium, 
or wire, simultaneously, each device must determine whether the physical medium is in use. Each host 
listens on the wire to determine if a message is being transmitted. If it detects no transmission, the host 
begins transmitting its own data. 


The length of each transmission is determined by fixed Ethernet packet sizes. By fixing the length of each 
transmission and enforcing a minimum idle time between transmissions, Ethernet ensures that no pair of 
communicating devices on the network can monopolize the wire and block others from sending and 
receiving traffic. 


Collisions and Detection 


When a device on an Ethernet network begins transmitting data, the data takes a finite amount of time 
to reach all hosts on the network. Because of this delay, or latency, in transmitting traffic, a device might 
detect an idle state on the wire just as another device initially begins its transmission. As a result, two 
devices might send traffic across a single wire at the same time. When the two electrical signals collide, 
they become scrambled so that both transmissions are effectively lost. 


Collision Detection 


To handle collisions, Ethernet devices monitor the link while they are transmitting data. The monitoring 
process is known as collision detection. If a device detects a foreign signal while it is transmitting, it 
terminates the transmission and attempts to transmit again only after detecting an idle state on the wire. 
Collisions continue to occur if two colliding devices both wait the same amount of time before retransmitting. 
To avoid this condition, Ethernet devices use a binary exponential backoff algorithm. 


Backoff Algorithm 


With the binary exponential backoff algorithm, each device that sends a colliding transmission randomly 
selects a value within a range. The value represents the number of transmission times that the device must 
wait before retransmitting its data. If another collision occurs, the range of values is doubled and 
retransmission takes place again. Each time a collision occurs, the range of values doubles, to reduce the 
likelihood that two hosts on the same network can select the same retransmission time. Table 22 
shows collision rounds up to round 10. 


Table 22: Collision Backoff Algorithm Rounds 


Round   Size of Set   Elements in the Set
1       2             {0,1}
2       4             {0,1,2,3}
3       8             {0,1,2,3,...,7}
4       16            {0,1,2,3,4,...,15}
5       32            {0,1,2,3,4,5,...,31}
6       64            {0,1,2,3,4,5,6,...,63}
7       128           {0,1,2,3,4,5,6,7,...,127}
8       256           {0,1,2,3,4,5,6,7,8,...,255}
9       512           {0,1,2,3,4,5,6,7,8,9,...,511}
10      1024          {0,1,2,3,4,5,6,7,8,9,10,...,1023}
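
The backoff rounds in Table 22, worked through as an added example (not code from the Juniper documentation). The function names and the simplified contention model, in which stations that drew a higher value simply keep waiting, are assumptions made for illustration.

```python
import random
from fractions import Fraction


def backoff_set(round_no):
    """Wait values a station may draw after its round_no-th collision (Table 22)."""
    if round_no < 1:
        raise ValueError("rounds are numbered from 1")
    return range(2 ** round_no)


def p_repeat_collision(rounds):
    """Exact probability that two stations draw equal values in every round 1..rounds."""
    p = Fraction(1)
    for round_no in range(1, rounds + 1):
        p *= Fraction(1, len(backoff_set(round_no)))
    return p


def rounds_to_resolve(stations, rng, max_rounds=10):
    """Simulate one contention episode between colliding stations.

    Every station still colliding draws from the current round's set. The
    station with the smallest draw transmits first. If that draw is unique the
    station gets the wire; otherwise the tied stations collide again and draw
    from a set twice as large. Returns the round that produced a clean
    transmission, or None if none did within max_rounds (the table's limit).
    """
    contenders = stations
    for round_no in range(1, max_rounds + 1):
        draws = [rng.choice(backoff_set(round_no)) for _ in range(contenders)]
        tied = draws.count(min(draws))
        if tied == 1:
            return round_no
        contenders = tied  # only the tied stations collided again
    return None


def resolution_histogram(stations, trials, seed):
    """Count, over many episodes, the round in which contention was resolved."""
    rng = random.Random(seed)  # fixed seed keeps the run repeatable
    counts = {}
    for _ in range(trials):
        outcome = rounds_to_resolve(stations, rng)
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts


if __name__ == "__main__":
    for r in (1, 2, 3, 10):
        print(f"round {r}: set size {len(backoff_set(r))}, "
              f"P(two stations still colliding) = {p_repeat_collision(r)}")
    print(resolution_histogram(stations=2, trials=4000, seed=1))
```
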


Collision Domains and LAN Segments 


Collisions are confined to a physical wire over which data is broadcast. Because the physical wires are 
subject to signal collisions, individual LAN segments are known as collision domains. Although the physical 
limitations on the length of an Ethernet cable restrict the length of a LAN segment, multiple collision 
domains can be interconnected by repeaters, bridges, and switches. 


Repeaters 


Repeaters are electronic devices that act on analog signals. Repeaters relay all electronic signals from one 
wire to another. A single repeater can double the distance between two devices on an Ethernet network. 
However, the Ethernet specification restricts the number of repeaters between any two devices on an 
Ethernet network to two, because collision detection with latencies increases in complexity as the wire 
length and number of repeaters increase. 
Bridges and Switches 


Bridges and switches combine LAN segments into a single Ethernet network by using multiple ports to 
connect the physical wires in each segment. Although bridges and switches are fundamentally the same, 
bridges generally provide more management and more interface ports. As Ethernet packets flow through 
a bridge, the bridge tracks the source MAC address of the packets and stores the addresses and their 
associated input ports in an interface table. As it receives subsequent packets, the bridge examines its 
interface table and takes one of the following actions: 


• If the destination address does not match an address in the interface table, the bridge transmits the 
packet to all hosts on the network using the Ethernet broadcast address. 


• If the destination address maps to the port through which the packet was received, the bridge or switch 
discards the packet. Because the other devices on the LAN segment also received the packet, the bridge 
does not need to retransmit it. 


• If the destination address maps to a port other than the one through which the packet was received, 
the bridge transmits the packet through the appropriate port to the corresponding LAN segment. 
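
The three forwarding decisions above, as an added example (not code from the Juniper documentation). The class name, the port numbers, and the MAC addresses are constructed for illustration, and "transmit to all hosts" is modelled as sending the frame out of every port except the one it arrived on.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Minimal model of the interface table described in the text."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # source MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Learn the source, then decide what to do with the frame.

        Returns (action, output_ports) where action is "flood", "discard"
        or "forward".
        """
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Track the source MAC address and the port the frame arrived on.
        self.table[src] = in_port
        out_port = self.table.get(dst)
        if dst == BROADCAST or out_port is None:
            # No matching entry: every other segment gets a copy.
            return "flood", [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination sits on the segment the frame came from.
            return "discard", []
        # Destination is known on a different segment.
        return "forward", [out_port]


def replay(bridge, frames):
    """Feed (in_port, src, dst) tuples to the bridge and collect its decisions."""
    return [bridge.receive(*frame) for frame in frames]


# Constructed trace: hosts A and B share the segment on port 1, host C is on port 2.
HOST_A = "02:00:00:00:00:0a"
HOST_B = "02:00:00:00:00:0b"
HOST_C = "02:00:00:00:00:0c"
SAMPLE_FRAMES = [
    (1, HOST_A, HOST_C),     # C not learned yet
    (2, HOST_C, HOST_A),     # A was learned on port 1
    (1, HOST_B, HOST_A),     # A is on the ingress segment
    (1, HOST_A, HOST_C),     # C was learned on port 2
    (2, HOST_C, BROADCAST),  # broadcast destination
]

if __name__ == "__main__":
    bridge = LearningBridge(ports=[1, 2, 3])
    for frame, decision in zip(SAMPLE_FRAMES, replay(bridge, SAMPLE_FRAMES)):
        print(frame, "->", decision)
```
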


Broadcast Domains 


The combination of all the LAN segments within an Ethernet network is called a broadcast domain. In the 
absence of any signaling devices such as a repeater, bridge, or switch, the broadcast domain is simply the 
physical wire that makes up the connections in the network. If a bridge or switch is used, the broadcast 
domain consists of the entire LAN. 


NOTE: On SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices, the subnet 
directed broadcast feature is not supported. 


Ethernet Frames 


Data is transmitted through an Ethernet network in frames. The frames are of variable length, ranging 
from 64 octets to 1518 octets, including the header, payload, and cyclic redundancy check (CRC) value. 
Figure 15 on page 207 shows the Ethernet frame format. 


Figure 15: Ethernet Frame Format 

Fields in transmission order (left-to-right, bit serial), with sizes in octets: 
PRE (7) | SFD (1) | DA (6) | SA (6) | Length/Type (2) | Data and Pad (46-1500) | FCS 
The figure also marks the FCS generation span and the FCS error detection coverage. 


Ethernet frames have the following fields: 


• The preamble (PRE) field is 7 octets of alternating 0s and 1s. The predictable format in the preamble 
allows receiving interfaces to synchronize themselves to the data being sent. The preamble is followed 
by a 1-octet start-of-frame delimiter (SFD). 


• The destination address (DA) and source address (SA) fields contain the 6-octet (48-bit) MAC addresses 
for the destination and source ports on the network. These Layer 2 addresses uniquely identify the 
devices on the LAN. 


• The Length/Type field is a 2-octet field that either indicates the length of the frame's data field or 
identifies the protocol stack associated with the frame. Here are some common frame types: 


  • AppleTalk—0x809B 
  • AppleTalk ARP—0x80F3 
  • DECnet—0x6003 
  • IP—0x0800 
  • IPX—0x8137 
  • Loopback—0x9000 
  • XNS—0x0600 


• The Data field contains the packet payload. 


• The frame check sequence (FCS) is a 4-octet field that contains the calculated CRC value. This value is 
calculated by the originating host and appended to the frame. When it receives the frames, the receiving 
host calculates the CRC and checks it against this appended value to verify the integrity of the received 
frame. 
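
A parser for the frame layout above, as an added example (not code from the Juniper documentation). It works on the frame from DA through FCS, assumes the IEEE 802.3 convention that Length/Type values up to 1500 are lengths and values from 0x0600 upward are types, and uses a constructed test frame; all function names are illustrative.

```python
import struct
import zlib

# Frame types listed in the text.
FRAME_TYPES = {
    0x809B: "AppleTalk", 0x80F3: "AppleTalk ARP", 0x6003: "DECnet",
    0x0800: "IP", 0x8137: "IPX", 0x9000: "Loopback", 0x0600: "XNS",
}
MIN_FRAME, MAX_FRAME = 64, 1518  # octets, header + payload + FCS
MIN_DATA, MAX_DATA = 46, 1500    # Data plus Pad


def compute_fcs(covered):
    """CRC-32 over DA..Pad, in the byte order it appears on the wire."""
    return struct.pack("<I", zlib.crc32(covered) & 0xFFFFFFFF)


def format_mac(raw):
    return ":".join(f"{octet:02x}" for octet in raw)


def build_frame(da, sa, length_type, data):
    """Sender side: pad the data to 46 octets and append the FCS."""
    if len(da) != 6 or len(sa) != 6:
        raise ValueError("MAC addresses are 6 octets")
    if len(data) > MAX_DATA:
        raise ValueError("data field is limited to 1500 octets")
    covered = da + sa + struct.pack("!H", length_type) + data.ljust(MIN_DATA, b"\x00")
    return covered + compute_fcs(covered)


def parse_frame(frame):
    """Receiver side: split the fields and recompute the CRC."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"frame is {len(frame)} octets, expected 64 to 1518")
    covered, received_fcs = frame[:-4], frame[-4:]
    (length_type,) = struct.unpack("!H", covered[12:14])
    data = covered[14:]
    protocol = None
    if length_type <= MAX_DATA:
        # Length: the field says how much of Data is payload, the rest is Pad.
        if length_type > len(data):
            raise ValueError("length field exceeds the data actually present")
        meaning, data = "length", data[:length_type]
    elif length_type >= 0x0600:
        # Type: padding, if any, can only be removed by the upper-layer protocol.
        meaning, protocol = "type", FRAME_TYPES.get(length_type, "unknown")
    else:
        meaning = "undefined"
    return {
        "da": format_mac(covered[:6]),
        "sa": format_mac(covered[6:12]),
        "length_type": length_type,
        "meaning": meaning,
        "protocol": protocol,
        "data": data,
        "fcs_ok": received_fcs == compute_fcs(covered),
    }


if __name__ == "__main__":
    # Constructed frame using MAC addresses that appear in this guide's examples.
    da = bytes.fromhex("00ff857f7803")
    sa = bytes.fromhex("00906987449d")
    frame = build_frame(da, sa, 0x0800, b"hello")
    print(len(frame), parse_frame(frame))
    damaged = bytearray(frame)
    damaged[20] ^= 0x01  # one flipped bit in the data field
    print("damaged frame fcs_ok:", parse_frame(bytes(damaged))["fcs_ok"])
```
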


NOTE: On SRX650 devices, MAC pause frame and FCS error frame counters are not supported 
for the interfaces ge-0/0/0 through ge-0/0/3. (Platform support depends on the Junos OS 
Release in your installation.) 
| Example: Creating an Ethernet Interface 


IN THIS SECTION 


Requirements 
Overview 
Configuration 


This example shows how to create an Ethernet interface. 


Requirements 


No special configuration beyond device initialization is required before configuring an interface. 


Overview 


In this example, you create the ge-1/0/0 Ethernet interface and set the logical interface to 0. The logical 
unit number can range from 0 to 16,384. You can also add values for properties that you need to configure 
on the logical interface, such as logical encapsulation or protocol family. 


Configuration 


Step-by-Step Procedure 


To configure an Ethernet interface: 


1. Create the Ethernet interface and set the logical interface. 


[edit] 
user@host# edit interfaces ge-1/0/0 unit 0 


2. If you are done configuring the device, commit the configuration. 


[edit] 
user@host# commit 


Verification 


Purpose 
Verify if the configuration is working properly after creating the interface. 


Action 


From operational mode, enter the show interfaces command. 


Understanding Static ARP Entries on Ethernet Interfaces 


By default, the device responds to an Address Resolution Protocol (ARP) request only if the destination 
address of the ARP request is on the local network of the incoming interface. For Fast Ethernet or Gigabit 
Ethernet interfaces, you can configure static ARP entries that associate the IP addresses of nodes on the 
same Ethernet subnet with their media access control (MAC) addresses. These static ARP entries enable 
the device to respond to ARP requests even if the destination address of the ARP request is not local to 
the incoming Ethernet interface. 


Example: Configuring Static ARP Entries on Ethernet Interfaces 


IN THIS SECTION 


Requirements 
Overview 
Configuration 
Verification 


Requirements 


No special configuration beyond device initialization is required before creating an interface. 


Overview 


In this example, you configure a static ARP entry on the logical unit 0 of the ge-0/0/3 Gigabit Ethernet 
interface. The entry consists of the interface’s IP address (10.1.1.1/24) and the corresponding MAC address 
of a node on the same Ethernet subnet (00:ff:85:7f:78:03). The example also configures the device to reply 
to ARP requests from the node using the publish option. 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces ge-0/0/3 unit 0 family inet address 10.1.1.1/24 arp 10.1.1.3 mac 00:ff:85:7f:78:03 
set interfaces ge-0/0/3 unit 0 family inet address 10.1.1.1/24 arp 10.1.1.3 publish 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure a static ARP entry on an Ethernet interface: 


1. Create the Gigabit Ethernet interface. 


[edit] 
user@host# edit interfaces ge-0/0/3 


2. Configure a static ARP entry. 


[edit interfaces ge-0/0/3] 
user@host# edit unit 0 family inet address 10.1.1.1/24 


3. Set the IP address of the subnet node and the corresponding MAC address. 


[edit interfaces ge-0/0/3 unit 0 family inet address 10.1.1.1/24] 
user@host# set arp 10.1.1.3 mac 00:ff:85:7f:78:03 publish 


Results 


From configuration mode, confirm your configuration by entering the show interfaces ge-0/0/3 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit] 
user@host# show interfaces ge-0/0/3 
unit 0 { 
    family inet { 
        address 10.1.1.1/24 { 
            arp 10.1.1.3 mac 00:ff:85:7f:78:03 publish; 
        } 
    } 
} 

If you are done configuring the device, enter commit from configuration mode. 


Verification 


Confirm that the configuration is working properly. 


Verifying Static ARP Configurations 


Purpose 
Verify the IP address and MAC (hardware) address of the node. 


Action 


From operational mode, enter the show interfaces ge-0/0/3 command. 


Verifying the Link State of All Interfaces 


Purpose 


Verify that all interfaces on the device are operational using the ping tool on each peer address in the 
network. 


Action 


For each interface on the device: 


1. In the J-Web interface, select Troubleshoot>Ping Host. 


2. In the Remote Host box, type the address of the interface for which you want to verify the link state. 
3. Click Start. The output appears on a separate page. 


PING 10.1.1.3 : 56 data bytes 
64 bytes from 10.1.1.3: icmp_seq=0 ttl=255 time=0.382 ms 
64 bytes from 10.1.1.3: icmp_seq=1 ttl=255 time=0.266 ms 


If the interface is operational, it generates an ICMP response. If this response is received, the round-trip 
time in milliseconds is listed in the time field. 


Verifying Interface Properties 


Purpose 


Verify that the interface properties are correct. 


Action 


From operational mode, enter the show interfaces detail command. 


user@host> show interfaces detail 


Physical interface: ge-0/0/3, Enabled, Physical link is Up 
Interface index: 134, SNMP ifIndex: 27, Generation: 17 
Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled, 
Source filtering: Disabled, Flow control: Enabled 
Device flags : Present Running 
Interface flags: SNMP-Traps 16384 
Link flags : None 
CoS queues : 4 supported 
Hold-times : Up 0 ms, Down 0 ms 
Current address: 00:90:69:87:44:9d, Hardware address: 00:90:69:87:44:9d 
Last flapped : 2004-08-25 15:42:30 PDT (4w5d 22:49 ago) 
Statistics last cleared: Never 
Traffic statistics: 
Input bytes   :     0 bps 
Output bytes  :     0 bps 
Input packets :     0 pps 
Output packets:     0 pps 
Queue counters:    Queued packets  Transmitted packets  Dropped packets 
0 best-effort                   0                    0                0 
1 expedited-fo                  0                    0                0 
2 assured-forw                  0                    0                0 
3 network-cont                  0                    0                0 
Active alarms : None 
Active defects : None 


The output shows a summary of interface information. Verify the following information: 


• The physical interface is Enabled. If the interface is shown as Disabled, do one of the following: 


  • In the CLI configuration editor, delete the disable statement at the [edit interfaces ge-0/0/3] level of 
  the configuration hierarchy. 


  • In the J-Web configuration editor, clear the Disable check box on the Interfaces> ge-0/0/3 page. 


• The physical link is Up. A link state of Down indicates a problem with the interface module, interface 
port, or physical connection (link-layer errors). 


• The Last Flapped time is an expected value. The Last Flapped time indicates the last time the physical 
interface became unavailable and then available again. Unexpected flapping indicates likely link-layer 
errors. 


• The traffic statistics reflect expected input and output rates. Verify that the number of inbound and 
outbound bytes and packets matches expected throughput for the physical interface. To clear the 
statistics and see only new changes, use the clear interfaces statistics ge-0/0/3 command. 


Understanding Promiscuous Mode on Ethernet Interface 


When promiscuous mode is enabled on a Layer 3 Ethernet interface, all packets received on the interface 
are sent to the central point or Services Processing Unit (SPU) regardless of the destination MAC address 
of the packet. You can also enable promiscuous mode on chassis cluster redundant Ethernet interfaces 
and aggregated Ethernet interfaces. If you enable promiscuous mode on a redundant Ethernet interface, 
promiscuous mode is then enabled on any child physical interfaces. If you enable promiscuous mode on 
an aggregated Ethernet interface, promiscuous mode is then enabled on all member interfaces. 


Understanding Promiscuous Mode on the SRX5K-MPC 


The promiscuous mode function is supported on 1-Gigabit, 10-Gigabit, 40-Gigabit, and 100-Gigabit Ethernet 
interfaces on the I/O cards (IOCs) and the SRX5000 line Module Port Concentrator (SRX5K-MPC). 


When promiscuous mode is enabled on a Layer 3 Ethernet interface, all packets received on the interface 
are sent to the central point or to the Services Processing Unit (SPU) regardless of the destination MAC 
address of the packet. 
By default, an interface enables MAC filtering. You can configure promiscuous mode on the interface to 
disable MAC filtering. When you delete the promiscuous mode configuration, the interface will perform 
MAC filtering again. 


You can change the MAC address of an interface even when the interface is operating in promiscuous 
mode. When the interface is operating in normal mode again, the MAC filtering function on the IOC uses 
the new MAC address to filter the packets. 


You can also enable promiscuous mode on chassis cluster redundant Ethernet interfaces and aggregated 
Ethernet interfaces. If you enable promiscuous mode on a redundant Ethernet interface, promiscuous 
mode is then enabled on any child physical interfaces. If you enable promiscuous mode on an aggregated 
Ethernet interface, promiscuous mode is then enabled on all member interfaces. 


Example: Configuring Promiscuous Mode on the SRX5K-MPC 
This example shows how to configure promiscuous mode on an SRX5K-MPC interface in an SRX5600 to 
disable MAC address filtering. 


Requirements 


This example uses the following hardware and software components: 


• An SRX5600 with an SRX5K-MPC that includes a 100-Gigabit Ethernet CFP transceiver 
• Junos OS Release 12.1X47-D10 or later 


No special configuration beyond device initialization is required before configuring this feature. 
Overview 


By default, the interfaces on an SRX5K-MPC have MAC address filtering enabled. In this example, you 
configure promiscuous mode on an interface to disable MAC address filtering. Then you delete promiscuous 
mode to reenable MAC address filtering on the interface. 


Configuration 


Configuring Promiscuous Mode on an Interface 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces et-4/0/0 unit 0 family inet address 10.1.1.1/24 
set interfaces et-4/0/0 promiscuous-mode 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see the Junos OS CLI User Guide. 


To configure promiscuous mode: 


1. Configure the ingress interface. 


[edit interfaces] 
user@host# set et-4/0/0 unit 0 family inet address 10.1.1.1/24 


2. Enable promiscuous mode on the interface. 


[edit interfaces] 
user@host# set et-4/0/0 promiscuous-mode 


Results 


From configuration mode, confirm your configuration by entering the show command. If the output does 
not display the intended configuration, repeat the configuration instructions in this example to correct it. 


[edit]
user@host# show interfaces
et-4/0/0 {
    promiscuous-mode;
    unit 0 {
        family inet {
            address 10.1.1.1/24;
        }
    }
}

If you are done configuring the device, enter commit from configuration mode. 


Disabling Promiscuous Mode on an Interface 


CLI Quick Configuration 

To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


user@host# delete interfaces et-4/0/0 promiscuous-mode 


Step-by-Step Procedure 


To disable promiscuous mode: 


1. Disable promiscuous mode on the interface.


[edit]
user@host# delete interfaces et-4/0/0 promiscuous-mode


Verification


Confirm that the configuration is working properly.


Verifying That Promiscuous Mode Is Enabled on the SRX5K-MPC 


Purpose 


Verify that promiscuous mode is enabled on the interface. 


Action 


From operational mode, enter the show interfaces command. 


user@host> show interfaces

Physical interface: et-4/0/0, Enabled, Physical link is Up
  Interface index: [illegible]
  Link-level type: Ethernet, MTU: 1518, Speed: 100Gbps, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Enabled
  Device flags   : Present Running
  Interface flags: Promiscuous SNMP-Traps Internal: 0x4000
  CoS queues     : 8 supported, 8 maximum usable queues
  Current address: 2c:21:72:3a:05:28, Hardware address: 2c:21:72:3a:05:28
  Last flapped   : [illegible]
  Input rate     : 0 bps (0 pps)
  Output rate    : 0 bps (0 pps)
  Active alarms  : None
  Active defects : None
  PCS statistics                      Seconds
    Bit errors                             0
    Errored blocks                         0

  Logical interface et-4/0/0.0 (Index 71) (SNMP ifIndex 513)
    Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.1351 ] Encapsulation: ENET2
    Input packets : 0
    Output packets: 0
    Security: Zone: HOST
    Allowed host-inbound traffic : any-service bfd bgp dvmrp igmp ldp msdp nhrp
    ospf pgm pim rip router-discovery rsvp sap vrrp
    Protocol inet, MTU: 1500
      Flags: Sendbcast-pkt-to-re
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 122.122.122/24, Local: 122.122.122.1,
        Broadcast: 122.122.122.255
    Protocol multiservice, MTU: Unlimited
      Flags: Is-Primary

  Logical interface et-4/0/0.32767 (Index 72) (SNMP ifIndex 517)
    Flags: SNMP-Traps 0x4004000 VLAN-Tag [ 0x0000.0 ] Encapsulation: ENET2
    Input packets : 0
    Output packets: 0
    Security: Zone: HOST
    Allowed host-inbound traffic : any-service bfd bgp dvmrp igmp ldp msdp nhrp
    ospf pgm pim rip router-discovery rsvp sap vrrp
    Protocol multiservice, MTU: Unlimited
      Flags: None

Meaning 


The Interface flags: Promiscuous field shows that promiscuous mode is enabled on the interface. 
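
The flag check above can be scripted when promiscuous mode has to be audited across many interfaces. The following Python code is an added example, not part of the Juniper documentation: it parses saved show interfaces output and reports interfaces whose Interface flags field contains Promiscuous but that are not on an approved list. The sample text is constructed (the et-4/2/0 stanza is invented), and the function names are this example's own.

```python
import re

# Constructed sample in the layout of `show interfaces` output; the
# et-4/2/0 stanza and its values are invented for illustration.
SAMPLE = """\
Physical interface: et-4/0/0, Enabled, Physical link is Up
  Link-level type: Ethernet, MTU: 1518, Speed: 100Gbps, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Enabled
  Device flags   : Present Running
  Interface flags: Promiscuous SNMP-Traps Internal: 0x4000
  Logical interface et-4/0/0.0 (Index 71) (SNMP ifIndex 513)
    Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.1351 ] Encapsulation: ENET2
Physical interface: et-4/2/0, Enabled, Physical link is Up
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
"""

PHYS_RE = re.compile(r"^Physical interface:\s*([^,\s]+)")
# Anchored on the full label so "Device flags" and logical "Flags:" lines
# are not mistaken for the physical interface flags.
FLAGS_RE = re.compile(r"^\s*Interface flags:\s*(.*)$")


def interface_flags(show_output):
    """Map each physical interface to the flag names in 'Interface flags:'."""
    flags, current = {}, None
    for line in show_output.splitlines():
        m = PHYS_RE.match(line)
        if m:
            current = m.group(1)
            flags[current] = set()
            continue
        m = FLAGS_RE.match(line)
        if m and current is not None:
            # Keep the flag names only; drop the "Internal: 0x..." suffix.
            flags[current].update(m.group(1).split("Internal:")[0].split())
    return flags


def unexpected_promiscuous(show_output, approved):
    """Interfaces reporting Promiscuous that are not on the approved list."""
    return sorted(name for name, names in interface_flags(show_output).items()
                  if "Promiscuous" in names and name not in approved)


if __name__ == "__main__":
    for name in unexpected_promiscuous(SAMPLE, approved=set()):
        print(f"{name}: MAC address filtering is disabled (Promiscuous flag set)")
```
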


Verifying the Status of Promiscuous Mode 


Purpose 


Verify that promiscuous mode works on the et-4/0/0 interface. 


Action 


Send traffic into the et-4/0/0 interface with a MAC address that is different from the interface MAC 
address and turn on promiscuous mode. 


From operational mode, enter the monitor interface traffic command. 


user@host> monitor interface traffic

Interface    Link   Input packets        (pps)    Output packets        (pps)
 gr-0/0/0      Up               0          (0)                 0          (0)
 ip-0/0/0      Up               0          (0)                 0          (0)
 lt-0/0/0      Up               0          (0)                 0          (0)
 xe-1/2/0    Down               0          (0)                 0          (0)
 xe-1/2/1    Down               0          (0)                 0          (0)
 xe-1/2/2    Down               0          (0)                 0          (0)
 xe-1/2/3    Down               0          (0)                 0          (0)
 xe-1/2/4    Down               0          (0)                 0          (0)
 xe-1/2/5    Down               0          (0)                 0          (0)
 xe-1/2/6    Down               0          (0)                 0          (0)
 xe-1/2/7    Down               0          (0)                 0          (0)
 xe-1/2/8    Down               0          (0)                 0          (0)
 xe-1/2/9    Down               0          (0)                 0          (0)
 et-4/0/0      Up         4403996     (100002)                 0          (0)
 et-4/2/0      Up               3          (0)           4403924      (29997)
 avs0          Up               0          (0)                 0          (0)
 avs1          Up               0          (0)                 0          (0)
 dsc           Up               0                              0
 em0           Up           15965                          14056

Meaning 


The input packets and pps fields show that traffic is passing through the et-4/0/0 interface as expected 
after promiscuous mode is enabled. 


Verifying That Promiscuous Mode Is Disabled 


Purpose 


Verify that promiscuous mode is disabled on the et-4/0/0 interface.


Action 


Send traffic into the et-4/0/0 interface with a MAC address that is different from the interface MAC 
address and turn off promiscuous mode. 


From operational mode, enter the monitor interface traffic command. 


user@host> monitor interface traffic

Interface    Link   Input packets        (pps)    Output packets        (pps)
 gr-0/0/0      Up               0          (0)                 0          (0)
 ip-0/0/0      Up               0          (0)                 0          (0)
 lt-0/0/0      Up               0          (0)                 0          (0)
 xe-1/2/0    Down               0          (0)                 0          (0)
 xe-1/2/1    Down               0          (0)                 0          (0)
 xe-1/2/2    Down               0          (0)                 0          (0)
 xe-1/2/3    Down               0          (0)                 0          (0)
 xe-1/2/4    Down               0          (0)                 0          (0)
 xe-1/2/5    Down               0          (0)                 0          (0)
 xe-1/2/6    Down               0          (0)                 0          (0)
 xe-1/2/7    Down               0          (0)                 0          (0)
 xe-1/2/8    Down               0          (0)                 0          (0)
 xe-1/2/9    Down               0          (0)                 0          (0)
 et-4/0/0      Up        11505495          (0)                 0          (0)
 et-4/2/0      Up               6          (0)          11505425          (0)
 avs0          Up               0          (0)                 0          (0)
 avs1          Up               0          (0)                 0          (0)
 dsc           Up               0                              0
 em0           Up           37964                    [illegible]


Meaning
The pps field shows that the traffic is not passing through the et-4/0/0 interface after promiscuous mode 
is disabled. 


Example: Deleting an Ethernet Interface

This example shows how to delete an Ethernet interface.


Requirements 


No special configuration beyond device initialization is required before configuring an interface. 


Overview 


In this example, you delete the ge-1/0/0 interface. 


NOTE: Performing this action removes the interface from the software configuration and disables 
it. Network interfaces remain physically present, and their identifiers continue to appear on 
J-Web pages. 


Configuration 


Step-by-Step Procedure 


To delete an Ethernet interface: 


1. Specify the interface you want to delete. 


[edit]
user@host# delete interfaces ge-1/0/0


2. If you are done configuring the device, commit the configuration. 


[edit] 
user@host# commit 


Verification 


Purpose 


Verify if the configuration is working properly after deleting the interface. 


Action 


From operational mode, enter the show interfaces command.


The topics below give an overview of aggregated Ethernet (AE) interfaces on security devices and cover
the configuration of AE interfaces, physical interfaces, AE interface link speed, VLAN tagging for
aggregated Ethernet interfaces, and deleting an aggregated Ethernet interface on security devices.


Understanding Aggregated Ethernet Interfaces

Link aggregation of Ethernet interfaces is defined in the IEEE 802.3ad standard. Junos OS implementation
of 802.3ad balances traffic across the member links within an aggregated Ethernet bundle based on Layer 
3 information carried in the packet, Layer 4 information carried in the packet, or both, or based on session 
ID data. (The session ID data has higher precedence than the Layer 3 or 4 information.) This implementation 
uses the same load-balancing algorithm used for per-packet load balancing. 


Aggregated Ethernet interfaces can be Layer 3 interfaces (VLAN-tagged or untagged) and Layer 2 interfaces. 


NOTE: This topic is specific to the SRX3000 and SRX5000 line devices. For information about 
link aggregation for other SRX Series devices, see the Ethernet Switching User Guide. 


This topic contains the following sections: 


LAGs 


You can combine multiple physical Ethernet ports to form a logical point-to-point link, known as a link
aggregation group (LAG) or bundle, such that a media access control (MAC) client can treat the LAG as if
it were a single link. Support for LAGs based on IEEE 802.3ad makes it possible to aggregate physical
interface links on your device. LAGs provide increased interface bandwidth and link availability by linking
physical ports and load-balancing traffic crossing the combined interface. For the LAG to operate correctly,
it is necessary to coordinate the two end systems connected by the LAG, either manually or automatically.


Internally, a LAG is a virtual interface presented on SRX3000 and SRX5000 line devices or on any system 
(consisting of devices such as routers and switches) supporting 802.3ad link aggregation. Externally, a LAG 
corresponds to a bundle of physical Ethernet links connected between an SRX3000 or SRX5000 line device 
and another system capable of link aggregation. This bundle of physical links is a virtual link. 


Follow these guidelines for aggregated Ethernet support for the SRX3000 and SRX5000 lines: 


• The devices support a maximum of 16 physical interfaces per single aggregated Ethernet bundle.


• Aggregated Ethernet interfaces can use interfaces from the same or different Flexible PIC Concentrators
(FPCs) and PICs.


• On the aggregated bundle, capabilities such as MAC accounting, VLAN rewrites, and VLAN queuing are
available.


LACP 


Junos OS supports the Link Aggregation Control Protocol (LACP), which is a subcomponent of IEEE 802.3ad. 
LACP provides additional functionality for LAGs. 


Starting with Junos OS Release 15.1X49-D40, LACP is supported on Layer 2 transparent mode in addition 
to existing support on Layer 3 mode. For information about link aggregation for other SRX Series devices, 
see the Ethernet Switching User Guide. 


LACP provides a standardized means for exchanging information between partner (remote or far-end of 
the link) systems on a link. This exchange allows their link aggregation control instances to reach agreement 
on the identity of the LAG to which the link belongs, and then to move the link to that LAG. This exchange 
also enables the transmission and reception processes for the link to function in an orderly manner. 


For example, when LACP is not enabled, a local LAG might attempt to transmit packets to a remote 
individual interface, which causes the communication to fail. (An individual interface is a nonaggregatable 
interface.) When LACP is enabled, a local LAG cannot transmit packets unless a LAG with LACP is also 
configured on the remote end of the link. 


You configure an aggregated Ethernet virtual link by specifying the link number as a physical device. Then 
you associate a set of ports that have the same speed and are in full-duplex mode. The physical ports can 
be 100-megabit Ethernet, 1-Gigabit Ethernet, and 10-Gigabit Ethernet. 


When configuring LACP, follow these guidelines: 


• LACP does not support automatic configuration on SRX3000 and SRX5000 line devices, but partner
systems are allowed to perform automatic configuration. When an SRX3000 or SRX5000 line device is
connected to a fully 802.3ad-compliant partner system, static configuration of LAGs is initiated on the
SRX3000 and SRX5000 line device side, and static configuration is not needed on the partner side.


When an SRX3000 or SRX5000 line device is connected to a Juniper Networks MX Series router, static 
configuration of LAGs is needed at both the actor (local or near-end of the link) and partner systems. 


• Although the LACP functions on the SRX3000 and SRX5000 line devices are similar to the LACP features
on Juniper Networks MX Series routers, the following LACP features on MX Series routers are not 
supported on SRX3000 and SRX5000 line devices: link protection, system priority, and port priority for 
aggregated Ethernet interfaces. Instead, SRX3000 and SRX5000 line devices provide active/standby 
support with redundant Ethernet interface LAGs in chassis cluster deployments. 


LACP is supported in standalone deployments, where aggregated Ethernet interfaces are supported, and 
in chassis cluster deployments, where aggregated Ethernet interfaces and redundant Ethernet interfaces 
are supported simultaneously. 


Configuring Aggregated Ethernet Interfaces 


NOTE: This topic is specific to the SRX3000 and SRX5000 line devices. 


To configure an aggregated Ethernet interface: 


1. Set the number of aggregated Ethernet interfaces on the device. See Example: Configuring the Number 
of Aggregated Ethernet Interfaces on a Device. 


2. Associate a physical interface with the aggregated Ethernet interface. See “Example: Associating Physical 
Interfaces with Aggregated Ethernet Interfaces” on page 225. 


3. (Optional) Set the required link speed for all the interfaces included in the bundle. See “Example: 
Configuring Aggregated Ethernet Link Speed” on page 227. 


4. (Optional) Configure the minimum number of links that must be up for the bundle as a whole to be 
labeled as up. See “Example: Configuring Aggregated Ethernet Minimum Links” on page 229. 


5. (Optional) Enable or disable VLAN tagging. See “Understanding VLAN Tagging for Aggregated Ethernet 
Interfaces” on page 233. 


6. (Optional) Enable promiscuous mode. See “Understanding Promiscuous Mode for Aggregated Ethernet 
Interfaces” on page 233.


SEE ALSO


| Ethernet Switching User Guide 


Understanding Physical Interfaces for Aggregated Ethernet Interfaces 


You associate a physical interface with an aggregated Ethernet interface. Doing so associates the physical 
child links with the logical aggregated parent interface to form a link aggregation group (LAG). You must 
also specify the constituent physical links by including the 802.3ad configuration statement. 


A physical interface can be added to any aggregated Ethernet interface as long as all member links have 
the same link speed and the maximum number of member links does not exceed 16. The aggregated 
Ethernet interface instance number aex can be from 0 through 127, for a total of 128 aggregated interfaces.


NOTE: 

• If you specify (on purpose or accidentally) that a link already associated with an aggregated
Ethernet interface be associated with another aggregated Ethernet interface, the link is removed
from the previous interface (there is no need for you to explicitly delete it) and it is added to
the other one.


• On SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550M devices, when you create an
aggregated interface with two or more ports and if a link in the bundle goes down, the traffic
forwarded through the same link will be rerouted two seconds later. This causes an outage
for the traffic being sent to the link until reroute is complete.


Example: Associating Physical Interfaces with Aggregated Ethernet Interfaces

This example shows how to associate physical interfaces with aggregated Ethernet interfaces.


Requirements 


Before you begin, set the number of aggregated Ethernet interfaces on the device. See Example: Configuring 
the Number of Aggregated Ethernet Interfaces on a Device. 


Overview 


In this example, you associate the physical child link of the ge-1/0/0 and ge-2/0/0 physical interfaces with
the logical aggregate parent, ae0, thereby creating a LAG. Similarly, you create a LAG that associates the
ge-3/0/0, ge-3/0/1, and ge-4/0/1 physical interfaces with the ae1 aggregated Ethernet interface.


Configuration 


Step-by-Step Procedure 


To associate physical interfaces with aggregated Ethernet interfaces: 


1. Create the first LAG.


[edit]
user@host# set interfaces ge-1/0/0 gigether-options 802.3ad ae0
user@host# set interfaces ge-2/0/0 gigether-options 802.3ad ae0


2. Create the second LAG.


[edit]
user@host# set interfaces ge-3/0/0 gigether-options 802.3ad ae1
user@host# set interfaces ge-3/0/1 gigether-options 802.3ad ae1
user@host# set interfaces ge-4/0/0 gigether-options 802.3ad ae1


3. If you are done configuring the device, commit the configuration.


[edit]
user@host# commit


Verification 


To verify the configuration is working properly, enter the show interfaces command.


Understanding Aggregated Ethernet Interface Link Speed


On aggregated Ethernet interfaces, you can set the required link speed for all interfaces included in the 
bundle. All interfaces that make up a bundle must be the same speed. If you include in the aggregated 
Ethernet interface an individual link that has a speed different from the speed you specify in the link-speed 
parameter, an error message will be logged. 


The speed value is specified in bits per second either as a complete decimal number or as a decimal number 
followed by the abbreviation k (1000), m (1,000,000), or g (1,000,000,000). 


Aggregated Ethernet interfaces on SRX3000 and SRX5000 line devices can have one of the following 
speed values: 


• 100m—Links are 100 Mbps.
• 10g—Links are 10 Gbps.
• 1g—Links are 1 Gbps.


Example: Configuring Aggregated Ethernet Link Speed

This example shows how to configure the aggregated Ethernet link speed.


Requirements 


Before you begin: 


• Add the aggregated Ethernet interfaces using the device count. See Example: Configuring the Number of
Aggregated Ethernet Interfaces on a Device.


• Associate physical interfaces with the aggregated Ethernet Interfaces. See “Example: Associating Physical
Interfaces with Aggregated Ethernet Interfaces” on page 225.


Overview 


In this example, you set the required link speed for all interfaces included in the bundle to 10 Gbps. All 
interfaces that make up a bundle must be the same speed. 


Configuration 


Step-by-Step Procedure 
To configure the aggregated Ethernet link speed: 


1. Set the link speed. 


[edit] 
user@host# set interfaces ae0 aggregated-ether-options link-speed 10g


2. If you are done configuring the device, commit the configuration. 


[edit] 
user@host# commit 


Verification 


To verify the configuration is working properly, enter the show interfaces command. 


Understanding Minimum Links for Aggregated Ethernet Interfaces 


On aggregated Ethernet interfaces, you can configure the minimum number of links that must be up for 
the bundle as a whole to be labeled as up. By default, only one link must be up for the bundle to be labeled 
as up. 


On SRX1000, SRX3000, and SRX5000 line devices, the valid range for the minimum links number is 1 
through 16. When the maximum value (16) is specified, all configured links of a bundle must be up for the 
bundle to be labeled as up. 


If the number of links configured in an aggregated Ethernet interface is less than the minimum-links value 
configured in the minimum-links statement, the configuration commit fails and an error message is displayed.


Example: Configuring Aggregated Ethernet Minimum Links

This example shows how to configure the minimum number of links on an aggregated Ethernet interface
that must be up for the bundle as a whole to be labeled as up. 


Requirements 


Before you begin: 


• Add the aggregated Ethernet interfaces using the device count. See Example: Configuring the Number of
Aggregated Ethernet Interfaces on a Device.


• Associate physical interfaces with the aggregated Ethernet Interfaces. See “Example: Associating Physical
Interfaces with Aggregated Ethernet Interfaces” on page 225.


• Configure the aggregated Ethernet link speed. See “Example: Configuring Aggregated Ethernet Link
Speed” on page 227.


Overview 


In this example, you specify that on interface ae0 at least eight links must be up for the bundle as a whole
to be labeled as up. 


Configuration 


Step-by-Step Procedure 


To configure the minimum number of links on an aggregated Ethernet interface: 


1. Set the minimum number of links. 


[edit]
user@host# set interfaces ae0 aggregated-ether-options minimum-links 8


2. If you are done configuring the device, commit the configuration.


[edit] 
user@host# commit 


Verification 


To verify the configuration is working properly, enter the show interfaces command. 


Deleting Aggregated Ethernet Interface 


You can delete an aggregated Ethernet interface from the interface configuration. Junos OS removes the 
configuration statements related to aex and sets this interface to the down state. The deleted aggregated 
Ethernet interface still exists, but it becomes an empty interface. 


Example: Deleting Aggregated Ethernet Interfaces 




This example shows how to delete aggregated Ethernet interfaces using the device count. 


Requirements 


Before you begin, set the number of aggregated Ethernet interfaces on the device. See Example: Configuring 
the Number of Aggregated Ethernet Interfaces on a Device.


Overview


This example shows how to clean up unused aggregated Ethernet interfaces. In this example, you reduce 
the number of interfaces from 10 to 6, thereby removing the last 4 interfaces from the interface object 
list. 


Configuration 


Step-by-Step Procedure 


To delete an interface: 


1. Set the number of aggregated Ethernet interfaces. 


[edit] 
user@host# delete chassis aggregated-devices ethernet device-count 6 


2. If you are done configuring the device, commit the configuration. 


[edit] 
user@host# commit 


Verification 


To verify the configuration is working properly, enter the show chassis aggregated-devices command. 


Example: Deleting Aggregated Ethernet Interface Contents




This example shows how to delete the contents of an aggregated Ethernet interface.


Requirements


Before you begin: 


• Set the number of aggregated Ethernet interfaces on the device. See Example: Configuring the Number
of Aggregated Ethernet Interfaces on a Device.


• Associate a physical interface with the aggregated Ethernet interface. See “Example: Associating Physical
Interfaces with Aggregated Ethernet Interfaces” on page 225.


• Set the required link speed for all the interfaces included in the bundle. See “Example: Configuring
Aggregated Ethernet Link Speed” on page 227.


• Configure the minimum number of links that must be up for the bundle as a whole to be labeled as up.
See “Example: Configuring Aggregated Ethernet Minimum Links” on page 229.


Overview 


In this example, you delete the contents of the ae4 aggregated Ethernet interface, which sets it to the 
down state. 


Configuration 


Step-by-Step Procedure 


To delete the contents of an aggregated Ethernet interface: 


1. Delete the interface. 


[edit] 
user@host# delete interfaces ae4 


2. If you are done configuring the device, commit the configuration. 


[edit] 


user@host# commit 


Verification 


To verify the configuration is working properly, enter the show interfaces command.


Understanding VLAN Tagging for Aggregated Ethernet Interfaces


Aggregated Ethernet interfaces can be either VLAN-tagged or untagged, with LACP enabled or disabled. 
Aggregated Ethernet interfaces on the SRX3000 and SRX5000 lines support the configuration of 
native-vlan-id, which consists of the following configuration statements: 


• inner-tag-protocol-id
• inner-vlan-id
• pop-pop
• pop-swap
• push-push
• swap-push
• swap-swap


Understanding Promiscuous Mode for Aggregated Ethernet Interfaces


You can enable promiscuous mode on aggregated Ethernet interfaces. When promiscuous mode is enabled
on a Layer 3 Ethernet interface, all packets received on the interface are sent to the central point or Services
Processing Unit (SPU) regardless of the destination MAC address of the packet. If you enable promiscuous
mode on an aggregated Ethernet interface, promiscuous mode is then enabled on all member interfaces.
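
The bundle rules in this section (at most 16 member links, aex from 0 through 127, minimum-links from 1 through 16 and no greater than the number of configured links, one speed per bundle, a re-associated link moving to the new bundle) and the inheritance of promiscuous mode by member interfaces can be checked against a candidate configuration before commit. The following Python code is an added example, not Juniper code; the sample configuration is constructed, and inferring a port's nominal speed from its fe/ge/xe name prefix is an assumption of the example.

```python
import re
from collections import defaultdict

MAX_MEMBERS = 16                        # physical interfaces per bundle
MAX_AE = 127                            # aex runs from ae0 through ae127
ALLOWED_BPS = {10**8, 10**9, 10**10}    # 100m, 1g, 10g
UNITS = {"": 1, "k": 10**3, "m": 10**6, "g": 10**9}
# Assumption of this example: nominal port speed read from the name prefix.
PREFIX_BPS = {"fe": 10**8, "ge": 10**9, "xe": 10**10}

# Constructed candidate configuration in set format (not from the manual).
SAMPLE = """\
set interfaces ge-1/0/0 gigether-options 802.3ad ae0
set interfaces ge-2/0/0 gigether-options 802.3ad ae0
set interfaces ge-2/0/0 gigether-options 802.3ad ae1
set interfaces ge-3/0/0 gigether-options 802.3ad ae1
set interfaces ae0 aggregated-ether-options minimum-links 2
set interfaces ae0 aggregated-ether-options link-speed 1g
set interfaces ae1 aggregated-ether-options link-speed 10g
set interfaces ae1 promiscuous-mode
set interfaces et-4/0/0 promiscuous-mode
"""

MEMBER_RE = re.compile(r"set interfaces (\S+) (?:gig)?ether-options 802\.3ad (ae\d+)")
OPTION_RE = re.compile(
    r"set interfaces (ae\d+) aggregated-ether-options "
    r"(minimum-links|link-speed) (\S+)")
PROMISC_RE = re.compile(r"set interfaces (\S+) promiscuous-mode")


def speed_bps(value):
    """'10g' -> 10000000000; a plain decimal number is already in bps."""
    m = re.fullmatch(r"(\d+)([kmg]?)", value)
    if m is None:
        raise ValueError(f"invalid link-speed {value!r}")
    return int(m[1]) * UNITS[m[2]]


def parse(config):
    """Return (bundle -> member links, bundle -> options, promiscuous names)."""
    parent, options, promisc = {}, defaultdict(dict), set()
    for line in config.splitlines():
        line = line.strip()
        if m := MEMBER_RE.fullmatch(line):
            parent[m[1]] = m[2]      # a later statement moves the link
        elif m := OPTION_RE.fullmatch(line):
            options[m[1]][m[2]] = m[3]
        elif m := PROMISC_RE.fullmatch(line):
            promisc.add(m[1])
    bundles = defaultdict(list)
    for link, ae in parent.items():
        bundles[ae].append(link)
    return bundles, options, promisc


def audit(config):
    """List violations of the bundle rules stated in this section."""
    bundles, options, _ = parse(config)
    findings = []
    for ae in sorted(set(bundles) | set(options)):
        links, opts = bundles.get(ae, []), options.get(ae, {})
        if int(ae[2:]) > MAX_AE:
            findings.append(f"{ae}: instance number above {MAX_AE}")
        if len(links) > MAX_MEMBERS:
            findings.append(f"{ae}: {len(links)} members, maximum is {MAX_MEMBERS}")
        if "minimum-links" in opts:
            min_links = int(opts["minimum-links"])
            if not 1 <= min_links <= MAX_MEMBERS:
                findings.append(f"{ae}: minimum-links {min_links} outside 1-16")
            elif len(links) < min_links:
                findings.append(f"{ae}: {len(links)} link(s) configured but "
                                f"minimum-links is {min_links}, commit fails")
        if "link-speed" in opts:
            want = speed_bps(opts["link-speed"])
            if want not in ALLOWED_BPS:
                findings.append(f"{ae}: link-speed {opts['link-speed']} not supported")
            for link in links:
                have = PREFIX_BPS.get(link[:2])
                if have is not None and have != want:
                    findings.append(
                        f"{ae}: {link} does not match link-speed {opts['link-speed']}")
    return findings


def promiscuous_ports(config):
    """Interfaces with MAC filtering off, set directly or inherited from a bundle."""
    bundles, _, promisc = parse(config)
    ports = set()
    for name in promisc:
        ports.update(bundles.get(name) or [name])   # aex expands to its members
    return sorted(ports)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
    print("promiscuous:", ", ".join(promiscuous_ports(SAMPLE)))
```
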


Verifying Aggregated Ethernet Interfaces




Verifying Aggregated Ethernet Interfaces (terse) 


Purpose 


Display status information in terse (concise) format for aggregated Ethernet interfaces.


Action


From operational mode, enter the show interfaces ae0 terse command.


user@host> show interfaces ae0 terse

ge-2/0/0.0              up    up   aenet    --> ae0.0
ge-2/0/0.32767          up    up   aenet    --> ae0.32767
ge-2/0/1.0              up    up   aenet    --> ae0.0
ge-2/0/1.32767          up    up   aenet    --> ae0.32767
ae0                     up    up
ae0.0                   up    up   bridge
ae0.32767               up    up   multiservice


The output shows the bundle relationship for the aggregated Ethernet interface and the overall status of 
the interface, including the following information: 


• The link aggregation control PDUs run on the .0 child logical interfaces for the untagged aggregated
Ethernet interface.


• The link aggregation control PDUs run on the .32767 child logical interfaces for the VLAN-tagged
aggregated Ethernet interface.


• The .32767 logical interface is created for the parent link and all child links.


Verifying Aggregated Ethernet Interfaces (extensive) 


Purpose 


Display status information and statistics in extensive (detailed) format for aggregated Ethernet interfaces. 


Action 


From operational mode, enter the show interfaces ae0 extensive command.


user@host> show interfaces ae0 extensive

Physical interface: ae0, Enabled, Physical link is Up
  Logical interface ae0.0 (Index 67) (SNMP ifIndex 628) (Generation 134)
    LACP info:          Role     System        System      Port    Port  Port
                               priority    identifier  priority  number   key
      ge-5/0/0.0       Actor        127   [illegible]       127     832     1
      ge-5/0/0.0     Partner        127   [illegible]       127     640     1
      ge-5/0/1.0       Actor        127   [illegible]       127     833     1
      ge-5/0/1.0     Partner        127   [illegible]       127     641     1
    LACP Statistics:       LACP Rx     LACP Tx   Unknown Rx   Illegal Rx
      ge-5/0/0.0             12830        7090            0            0
      ge-5/0/1.0             10304        4786            0            0

  Logical interface ae0.32767 (Index 70) (SNMP ifIndex 630) (Generation 135)
    LACP info:          Role     System        System      Port    Port  Port
                               priority    identifier  priority  number   key
      ge-5/0/0.32767   Actor        127   [illegible]       127     832     1
      ge-5/0/0.32767 Partner        127   [illegible]       127     640     1
      ge-5/0/1.32767   Actor        127   [illegible]       127     833     1
      ge-5/0/1.32767 Partner        127   [illegible]       127     641     1
    LACP Statistics:       LACP Rx     LACP Tx   Unknown Rx   Illegal Rx
      ge-5/0/0.32767         12830        7090            0            0
      ge-5/0/1.32767         10304        4786            0            0


The output shows detailed aggregated Ethernet interface information. This portion of the output shows 
LACP information and LACP statistics for each logical aggregated Ethernet interface. 


SEE ALSO 


| Configuring Aggregated Ethernet Interfaces | 224 


Configuring Link Aggregation Control Protocol 




Link Aggregation Control Protocol (LACP) provides a standard means for information exchange between 
the systems on a link. The topics below give an overview of LACP on standalone devices, examples of
configuring LACP, and LAG and LACP support on line devices.


Understanding LACP on Standalone Devices 


Link Aggregation Control Protocol (LACP) provides a standardized means for exchanging information 
between partner systems on a link. Within LACP, the local end of a child link is known as the actor and 
the remote end of the link is known as the partner. 


LACP is enabled on an aggregated Ethernet interface by setting the mode to either passive or active. 
However, to initiate the transmission of link aggregation control protocol data units (PDUs) and response 
link aggregation control PDUs, you must enable LACP at both the local and remote ends of the links, and 
one end must be active: 


• Active mode—If either the actor or partner is active, they exchange link aggregation control PDUs. The
actor sends link aggregation control PDUs to its protocol partner that convey what the actor knows
about its own state and the partner's state.


• Passive mode—If the actor and partner are both in passive mode, they do not exchange link aggregation
control PDUs. As a result, the aggregated Ethernet links do not come up. In passive transmission mode,
links send out link aggregation control PDUs only when they receive them from the remote end of the
same link.


By default, the actor and partner transmit link aggregation control PDUs every second. You can configure 
different periodic rates on active and passive interfaces. When you configure the active and passive 
interfaces at different rates, the transmitter honors the receiver’s rate. 


You configure the interval at which the interfaces on the remote side of the link transmit link aggregation 
control PDUs by configuring the periodic statement on the interfaces on the local side. It is the configuration 
on the local side that specifies the behavior of the remote side. That is, the remote side transmits link 
aggregation control PDUs at the specified interval. The interval can be fast (every second) or slow (every 
30 seconds).


NOTE: Starting with Junos OS Release 15.1X49-D40, LACP is supported in Layer 2 transparent
mode in addition to existing support in Layer 3 mode.
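
The mode and periodic rules above can be evaluated for both ends of a link before a change is committed. The following Python code is an added example, not Juniper code: it reads the lacp statement from each end's set-format configuration and reports whether link aggregation control PDUs are exchanged and at what interval each end transmits. The configurations are constructed, and the result labels static, blocked and negotiated are names chosen for this example.

```python
import re

INTERVAL_S = {"fast": 1, "slow": 30}   # seconds between link aggregation control PDUs
LACP_RE = re.compile(r"set interfaces (ae\d+) aggregated-ether-options lacp (.+)")

# Constructed configurations for the two ends of one bundle (not from the manual).
LOCAL = "set interfaces ae0 aggregated-ether-options lacp active periodic slow"
REMOTE_PASSIVE = "set interfaces ae3 aggregated-ether-options lacp passive"
REMOTE_NO_LACP = "set interfaces ge-0/0/1 gigether-options 802.3ad ae3"


def lacp_settings(config, ae):
    """Return (mode, periodic) for bundle `ae`; mode is None if LACP is not enabled."""
    mode, periodic = None, "fast"          # default: a PDU every second
    for line in config.splitlines():
        m = LACP_RE.fullmatch(line.strip())
        if m is None or m[1] != ae:
            continue
        words = m[2].split()
        for i, word in enumerate(words):
            if word in ("active", "passive"):
                mode = word
            elif word == "periodic" and i + 1 < len(words):
                periodic = words[i + 1]
    if periodic not in INTERVAL_S:
        raise ValueError(f"unknown periodic value {periodic!r}")
    return mode, periodic


def link_outcome(local, remote):
    """Apply the rules above to the (mode, periodic) pairs of both ends."""
    (l_mode, l_rate), (r_mode, r_rate) = local, remote
    if l_mode is None and r_mode is None:
        # No LACP on either end: nothing checks that the far end is a LAG.
        return {"state": "static", "local_tx_s": None, "remote_tx_s": None}
    if l_mode is None or r_mode is None or l_mode == r_mode == "passive":
        # LACP on one end only, or nobody initiates: no PDUs, links stay down.
        return {"state": "blocked", "local_tx_s": None, "remote_tx_s": None}
    # Each end transmits at the rate configured on the other end.
    return {"state": "negotiated",
            "local_tx_s": INTERVAL_S[r_rate],
            "remote_tx_s": INTERVAL_S[l_rate]}


if __name__ == "__main__":
    local = lacp_settings(LOCAL, "ae0")
    for name, cfg in (("passive peer", REMOTE_PASSIVE), ("no LACP", REMOTE_NO_LACP)):
        print(name, link_outcome(local, lacp_settings(cfg, "ae3")))
```
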


Example: Configuring Link Aggregation Control Protocol




This example shows how to configure LACP. 


Requirements 


This example uses an SRX Series device. 
Before you begin: 


• Determine which interfaces to use and verify that they are in switch mode. See Understanding VLANs.


Overview 


In this example, for aggregated Ethernet interfaces, you configure the Link Aggregation Control Protocol 
(LACP). LACP is one method of bundling several physical interfaces to form one logical interface. 


Configuration 


CLI Quick Configuration 

To quickly configure this section of the example, copy the following commands, paste them into a text 
file, remove any line breaks, change any details necessary to match your network configuration, copy and 
paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration 
mode.


set interfaces ge-0/0/6 ether-options 802.3ad ae0
set interfaces ge-0/0/7 ether-options 802.3ad ae0
set interfaces ae0 vlan-tagging
set interfaces ae0 aggregated-ether-options lacp active periodic fast
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set vlan vlan1000 vlan-id 1000
set interfaces ae0 unit 0 family ethernet-switching vlan members vlan1000


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide. 


To configure LACP: 


1. Configure the interfaces for ae0. 

[edit ] 
user@host# set interfaces ge-0/0/6 ether-options 802.3ad ae0 
user@host# set interfaces ge-0/0/7 ether-options 802.3ad ae0 


2. Configure the ae0 interface for VLAN tagging. 

[edit ] 
user@host# set interfaces ae0 vlan-tagging 


3. Configure LACP for ae0 and configure periodic transmission of LACP packets. 

[edit ] 
user@host# set interfaces ae0 aggregated-ether-options lacp active periodic fast 


4. Configure ae0 as a trunk port. 

[edit ] 
user@host# set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk 


5. Configure the VLAN. 

[edit ] 
user@host# set vlan vlan1000 vlan-id 1000 


6. Add the ae interface to the VLAN. 

[edit ] 
user@host# set interfaces ae0 unit 0 family ethernet-switching vlan members vlan1000 


7. If you are done configuring the device, commit the configuration. 

[edit ] 
user@host# commit 


Results 


From configuration mode, confirm your configuration by entering the show interfaces command. If the 
output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


[edit] 
user@host# show interfaces 
ge-0/0/6 { 
    ether-options { 
        802.3ad ae0; 
    } 
} 
ge-0/0/7 { 
    ether-options { 
        802.3ad ae0; 
    } 
} 
ae0 { 
    vlan-tagging; 
    aggregated-ether-options { 
        lacp { 
            active; 
            periodic fast; 
        } 
    } 
    unit 0 { 
        family ethernet-switching { 
            interface-mode trunk; 
            vlan { 
                members vlan1000; 
            } 
        } 
    } 
} 


Verification 


Verifying LACP Statistics 


Purpose 


Display LACP statistics for aggregated Ethernet interfaces. 


Action 


From operational mode, enter the show lacp statistics interfaces ae0 command. 


user@host> show lacp statistics interfaces ae0 

Aggregated interface: ae0 
    LACP Statistics:       LACP Rx     LACP Tx   Unknown Rx   Illegal Rx 
      ge-0/0/6                1352        2035            0            0 
      ge-0/0/7                1352        2056            0            0 

Meaning 


The output shows LACP statistics for each physical interface associated with the aggregated Ethernet 
interface, such as the following: 


• The LACP received counter that increments for each normal hello packet received 
• The number of LACP transmit packet errors logged 
• The number of unrecognized packet errors logged 
• The number of invalid packets received 


Use the following command to clear the statistics and see only new changes: 


user@host# clear lacp statistics interfaces ae0 


Verifying LACP Aggregated Ethernet Interfaces 


Purpose 


Display LACP status information for aggregated Ethernet interfaces. 


Action 
From operational mode, enter the show lacp interfaces ae0 command. 


user@host> show lacp interfaces ae0 

Aggregated interface: ae0 
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity 
      ge-0/0/6       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      ge-0/0/6     Partner    No    No   Yes  Yes  Yes   Yes     Fast   Passive 
      ge-0/0/7       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      ge-0/0/7     Partner    No    No   Yes  Yes  Yes   Yes     Fast   Passive 
    LACP protocol:        Receive State  Transmit State          Mux State 
      ge-0/0/6                  Current   Fast periodic Collecting distributing 
      ge-0/0/7                  Current   Fast periodic Collecting distributing 


Meaning 


The output shows aggregated Ethernet interface information, including the following information: 


• The LACP state—Indicates whether the link in the bundle is an actor (local or near-end of the link) or a 
partner (remote or far-end of the link). 

• The LACP mode—Indicates whether both ends of the aggregated Ethernet interface are enabled (active 
or passive)—at least one end of the bundle must be active. 

• The periodic link aggregation control PDU transmit rate. 

• The LACP protocol state—Indicates the link is up if it is collecting and distributing packets. 
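The checks described in the Meaning list above can be run automatically over captured show lacp interfaces output. The following Python script is an added example, not part of the Juniper documentation; the function names and the degraded ge-0/0/7 rows in the sample are constructed for illustration.

```python
import re

# Constructed sample in the layout of `show lacp interfaces`. ge-0/0/6 copies the
# healthy rows shown above; the ge-0/0/7 rows are invented to model a member link
# whose partner stopped answering.
SAMPLE = """\
Aggregated interface: ae0
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      ge-0/0/6       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-0/0/6     Partner    No    No   Yes  Yes  Yes   Yes     Fast   Passive
      ge-0/0/7       Actor    No   Yes    No   No   No   Yes     Fast    Active
      ge-0/0/7     Partner    No   Yes    No   No   No   Yes     Fast   Passive
    LACP protocol:        Receive State  Transmit State          Mux State
      ge-0/0/6                  Current   Fast periodic Collecting distributing
      ge-0/0/7                Defaulted   Fast periodic                Detached
"""

FLAG_COLS = ("exp", "def", "dist", "col", "syn", "aggr", "timeout", "activity")
BUNDLE = re.compile(r"^\s*Aggregated interface:\s*(\S+)")
STATE_ROW = re.compile(r"^\s*(\S+)\s+(Actor|Partner)\s+(\S.*\S)\s*$")
PROTO_ROW = re.compile(r"^\s*(\S+)\s+(\S.*\S)\s*$")


def parse_lacp_interfaces(text):
    """Return {bundle: {member: {"Actor": {...}, "Partner": {...}, "protocol": str}}}."""
    bundles, members, section = {}, None, None
    for line in text.splitlines():
        stripped = line.strip()
        match = BUNDLE.match(line)
        if match:
            members, section = bundles.setdefault(match.group(1), {}), None
        elif members is None or not stripped:
            continue
        elif stripped.startswith("LACP state:"):
            section = "state"
        elif stripped.startswith("LACP protocol:"):
            section = "protocol"
        elif section == "state":
            row = STATE_ROW.match(line)
            if row and len(row.group(3).split()) == len(FLAG_COLS):
                flags = dict(zip(FLAG_COLS, row.group(3).split()))
                members.setdefault(row.group(1), {})[row.group(2)] = flags
        elif section == "protocol":
            row = PROTO_ROW.match(line)
            if row:
                # Collapse the column padding into single spaces.
                state = " ".join(row.group(2).split())
                members.setdefault(row.group(1), {})["protocol"] = state
    return bundles


def check_member(name, info):
    """Return findings for one member link; an empty list means it is forwarding."""
    actor, partner = info.get("Actor"), info.get("Partner")
    if not actor or not partner:
        return [f"{name}: Actor or Partner row missing"]
    findings = []
    for role, row in (("Actor", actor), ("Partner", partner)):
        if row["exp"] != "No":
            findings.append(f"{name} {role}: Exp={row['exp']}")
        if row["def"] != "No":
            findings.append(f"{name} {role}: Def={row['def']}")
        down = [col for col in ("dist", "col", "syn", "aggr") if row[col] != "Yes"]
        if down:
            findings.append(f"{name} {role}: not set: {', '.join(down)}")
    # From the page: at least one end of the bundle must be active.
    if "Active" not in (actor["activity"], partner["activity"]):
        findings.append(f"{name}: both ends are Passive")
    # From the page: the link is up if it is collecting and distributing packets.
    proto = info.get("protocol", "")
    if not (proto.startswith("Current") and proto.endswith("Collecting distributing")):
        findings.append(f"{name}: protocol state is '{proto or 'missing'}'")
    return findings


def audit(text):
    """Map each bundle name to the findings for all of its member links."""
    return {
        bundle: [f for name in sorted(members) for f in check_member(name, members[name])]
        for bundle, members in parse_lacp_interfaces(text).items()
    }


if __name__ == "__main__":
    for bundle, findings in audit(SAMPLE).items():
        print(bundle, "OK" if not findings else "DEGRADED")
        for finding in findings:
            print("  ", finding)
```

An empty findings list for a bundle means every member link matches the healthy output shown above.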


SEE ALSO 


Understanding Link Aggregation Control Protocol 


Ethernet Ports Switching Overview for Security Devices 


| Verifying LACP on Standalone Devices 


IN THIS SECTION 


Verifying LACP Statistics 
Verifying LACP Aggregated Ethernet Interfaces 


Verifying LACP Statistics 


Purpose 


Display LACP statistics for aggregated Ethernet interfaces. 


Action 


From operational mode, enter the show lacp statistics interfaces ae0 command. 


user@host> show lacp statistics interfaces ae0 

Aggregated interface: ae0 
    LACP Statistics:       LACP Rx     LACP Tx   Unknown Rx   Illegal Rx 
      ge-2/0/0                1352        2035            0            0 
      ge-2/0/1                1352        2056            0            0 
      ge-2/2/0                1352        2045            0            0 
      ge-2/2/1                1352        2043            0            0 


The output shows LACP statistics for each physical interface associated with the aggregated Ethernet 
interface, such as the following: 


• The LACP received counter that increments for each normal hello 
• The number of LACP transmit packet errors logged 
• The number of unrecognized packet errors logged 
• The number of invalid packets received 


Use the following command to clear the statistics and see only new changes: 


user@host# clear lacp statistics interfaces ae0 


Verifying LACP Aggregated Ethernet Interfaces 


Purpose 


Display LACP status information for aggregated Ethernet interfaces. 


Action 


From operational mode, enter the show lacp interfaces ae0 command. 


user@host> show lacp interfaces ae0 

Aggregated interface: ae0 
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity 
      ge-2/0/0       Actor 
      ge-2/0/0     Partner 
      ge-2/0/1       Actor 
      ge-2/0/1     Partner 
      ge-2/2/0       Actor 
      ge-2/2/0     Partner 
      ge-2/2/1       Actor 
      ge-2/2/1     Partner 
    LACP protocol:        Receive State 
      ge-2/0/0                  Current 
      ge-2/0/1                  Current 
      ge-2/2/0                  Current 
      ge-2/2/1                  Current 

The output shows aggregated Ethernet interface information, including the following information: 


• The LACP state—Indicates whether the link in the bundle is an actor (local or near-end of the link) or a 
partner (remote or far-end of the link). 

• The LACP mode—Indicates whether both ends of the aggregated Ethernet interface are enabled (active 
or passive)—at least one end of the bundle must be active. 

• The periodic link aggregation control PDU transmit rate. 

• The LACP protocol state—Indicates the link is up if it is collecting and distributing packets. 


SEE ALSO 


Verifying LACP on Redundant Ethernet Interfaces 
| LAG and LACP Support on SRX5000 Line Devices with I/O Cards (IOCs) 


NOTE: The following notes apply to 'LAG and LACP Support on SRX5000 Line Devices' as 
outlined in this document. 


• Cross-IOC LAG interfaces do not support Layer 2 transparent mode. 
• Mixed interface speeds are supported on the same aggregated bundle. 
• A redundant Ethernet interface or aggregated Ethernet interface must contain child interfaces 
from the same IOC type. For example, if one child link is from 10-Gigabit Ethernet on IOC2, 
the second child link should also be from IOC2. Similarly, both child interfaces can be from 
IOC3. Configuring child interfaces by mixing links from both IOC2 and IOC3 is not supported. 


LAG and LACP Support on the SRX5000 Module Port Concentrator 


The SRX5000 Module Port Concentrator (SRX5K-MPC) on SRX5400, SRX5600, and SRX5800 devices 
supports link aggregation groups (LAGs) and Link Aggregation Control Protocol (LACP). 


Support for LAGs based on IEEE 802.3ad makes it possible to aggregate physical interface links on your 
device. LAGs provide increased interface bandwidth and link availability by linking physical ports and 
load-balancing traffic crossing the combined interface. 


LACP provides a standardized means for exchanging information between partner (remote or far-end of 
the link) systems on a link. This exchange allows their link aggregation control instances to reach agreement 
on the identity of the LAG to which the link belongs, and then to move the link to that LAG. This exchange 
also enables the transmission and reception processes for the link to function in an orderly manner. 


The following LAG and LACP features are supported on the SRX5K-MPC: 
• Bandwidth aggregation—Increases bandwidth, provides graceful degradation as failure occurs, and 
increases availability. 

• Link redundancy and load balancing (within chassis cluster)—Provides network redundancy by 
load-balancing traffic across all available links. If one of the links should fail, the system automatically 
load-balances traffic across all remaining links. 

• Dynamic link management—Enables automatic addition and deletion of individual links to the aggregate 
bundle without user intervention. 


LACP supports the following features: 


• LACP bundles several physical interfaces to form one logical interface by exchanging LACP packets 
between the local interface and the remote interface. LACP monitors the link for changes in interface 
state by exchanging a periodic LACP heartbeat between the two sides. Any changes in interface state are 
reflected in the LACP packet. 

Normally, after LACP is configured and committed, the two sides start to exchange interface and port 
information. Once they identify each other and match the LACP state machine criteria, LACP is 
declared as up. You can deactivate or delete the LACP configuration. 

By default, the LACP packets are exchanged every second. You can configure the LACP interval as 
fast (every second) or slow (every 30 seconds) to ensure the health of the interfaces. 

• LACP supports distributed and centralized modes. Chassis cluster setup is recommended to operate 
with LACP distributed mode, which handles chassis cluster failover better. The centralized mode might 
experience traffic loss during failover. 


SRX5K-MPCs on SRX5000 line devices provide active and standby support with redundant Ethernet 
interface LAGs in chassis cluster deployments. 


LAG and LACP Support on the SRX5000 Line IOCs in Express Path Mode 


Starting in Junos OS Release 15.1X49-D40, the IOC2 and IOC3 cards on SRX5400, SRX5600, and SRX5800 
devices support link aggregation groups (LAGs) and Link Aggregation Control Protocol (LACP) in Express 
Path mode. 


You can use the links in a LAG as ingress or egress interfaces in Express Path mode. The LAG links can 
include links from cards such as IOC2 or IOC3. For a LAG link to qualify for Express Path, all its member 
links should be connected to Express Path-enabled network processors. If Express Path is disabled on any 
of the member links in a LAG, a regular session (non-Express Path session) is created. 


SEE ALSO 


Configuring Aggregated Ethernet Interfaces 
Configuring Link Aggregation Control Protocol 
Example: Configuring LACP on Chassis Clusters 
| Example: Configuring LAG Interface on an SRX5000 Line Device with IOC2 or IOC3 


IN THIS SECTION 


Requirements 
Overview 
Configuration 
Verification 


Starting in Junos OS Release 15.1X49-D40, IEEE 802.3ad link aggregation enables you to group Ethernet 
interfaces to form a single, aggregated Ethernet interface. This single, aggregated Ethernet interface is 
also known as a LAG or bundle. LACP provides additional functionality for LAGs. 


This example shows how to configure LAG on an SRX Series device using the links from either IOC2 or 
IOC3 in Express Path mode. 


Requirements 


This example uses the following software and hardware components: 


• Junos OS Release 15.1X49-D40 or later for SRX Series devices. 
• SRX5800 with IOC2 or IOC3 with Express Path enabled on IOC2 and IOC3. For details, see Express Path. 


Overview 


In this example, you create a logical aggregated Ethernet interface and define the parameters associated 
with the logical aggregated Ethernet interface, such as a logical unit, interface properties, and LACP. Next, 
define the member links to be contained within the aggregated Ethernet interface—for example, four 
10-Gigabit Ethernet interfaces. Finally, configure an LACP for link detection. 


The following member links are used in this example: 


• xe-0/0/8 
• xe-0/0/9 
• xe-1/0/8 
• xe-1/0/9 
• xe-3/1/4 
• xe-3/1/5 
• xe-5/1/4 
• xe-5/1/5 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following commands, paste them into a text file, remove any 
line breaks, change any details necessary to match your network configuration, and then copy and 
paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration 
mode. 


set chassis aggregated-devices ethernet device-count 5 
set interfaces xe-0/0/8 gigether-options 802.3ad ae1 
set interfaces xe-0/0/9 gigether-options 802.3ad ae0 
set interfaces xe-1/0/8 gigether-options 802.3ad ae1 
set interfaces xe-1/0/9 gigether-options 802.3ad ae0 
set interfaces xe-3/1/4 gigether-options 802.3ad ae1 
set interfaces xe-3/1/5 gigether-options 802.3ad ae0 
set interfaces xe-5/1/4 gigether-options 802.3ad ae1 
set interfaces xe-5/1/5 gigether-options 802.3ad ae0 
set interfaces ae0 unit 0 family inet address 17.0.0.1/24 
set interfaces ae1 unit 0 family inet address 16.0.0.1/24 
set interfaces ae0 aggregated-ether-options lacp active 
set interfaces ae1 aggregated-ether-options lacp active 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see the Junos OS CLI User Guide. 


To configure LAG Interfaces: 


1. Specify the number of aggregated Ethernet interfaces to be created. 

[edit chassis] 
user@host# set aggregated-devices ethernet device-count 5 


2. Specify the members to be included within the aggregated Ethernet bundle. 

[edit interfaces] 
user@host# set xe-0/0/8 gigether-options 802.3ad ae1 
user@host# set xe-0/0/9 gigether-options 802.3ad ae0 
user@host# set xe-1/0/8 gigether-options 802.3ad ae1 
user@host# set xe-1/0/9 gigether-options 802.3ad ae0 
user@host# set xe-3/1/4 gigether-options 802.3ad ae1 
user@host# set xe-3/1/5 gigether-options 802.3ad ae0 
user@host# set xe-5/1/4 gigether-options 802.3ad ae1 
user@host# set xe-5/1/5 gigether-options 802.3ad ae0 


3. Assign an IP address to ae0 and ae1. 

[edit interfaces] 
user@host# set ae0 unit 0 family inet address 17.0.0.1/24 
user@host# set ae1 unit 0 family inet address 16.0.0.1/24 


4. Set the LACP on reth0. 

[edit interfaces] 
user@host# set ae0 aggregated-ether-options lacp active 
user@host# set ae1 aggregated-ether-options lacp active 
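Before committing a configuration like the one above, the relationships between its statements can be checked offline. The following Python script is an added example, not Juniper tooling; lint_lag_config is a hypothetical helper, BROKEN_CONFIG is constructed, and the check assumes the pasted text holds all LAG-related set statements.

```python
import re
from collections import defaultdict

# The CLI quick configuration of this example, typed with ae0/ae1 and unit 0.
PAGE_CONFIG = """\
set chassis aggregated-devices ethernet device-count 5
set interfaces xe-0/0/8 gigether-options 802.3ad ae1
set interfaces xe-0/0/9 gigether-options 802.3ad ae0
set interfaces xe-1/0/8 gigether-options 802.3ad ae1
set interfaces xe-1/0/9 gigether-options 802.3ad ae0
set interfaces xe-3/1/4 gigether-options 802.3ad ae1
set interfaces xe-3/1/5 gigether-options 802.3ad ae0
set interfaces xe-5/1/4 gigether-options 802.3ad ae1
set interfaces xe-5/1/5 gigether-options 802.3ad ae0
set interfaces ae0 unit 0 family inet address 17.0.0.1/24
set interfaces ae1 unit 0 family inet address 16.0.0.1/24
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp active
"""

# Constructed variant containing four mistakes, for illustration only.
BROKEN_CONFIG = """\
set chassis aggregated-devices ethernet device-count 1
set interfaces xe-0/0/8 gigether-options 802.3ad ae1
set interfaces xe-0/0/9 gigether-options 802.3ad ae0
set interfaces xe-0/0/8 gigether-options 802.3ad ae0
set interfaces ae0 aggregated-ether-options lacp passive
set interfaces ae1 unit 0 family inet address 16.0.0.1/24
"""

COUNT = re.compile(r"^set chassis aggregated-devices ethernet device-count (\d+)$")
MEMBER = re.compile(r"^set interfaces (\S+) (?:gig)?ether-options 802\.3ad (ae\d+)$")
LACP = re.compile(r"^set interfaces (ae\d+) aggregated-ether-options lacp (active|passive)\b")
AE_REF = re.compile(r"^set interfaces (ae\d+)\b")


def lint_lag_config(text):
    """Return a list of findings for the LAG statements in a block of set commands."""
    device_count, member_of, lacp_mode, referenced, findings = None, {}, {}, set(), []
    for raw in text.splitlines():
        line = " ".join(raw.split())  # normalise spacing from copy and paste
        if m := COUNT.match(line):
            device_count = int(m.group(1))
        elif m := MEMBER.match(line):
            port, bundle = m.groups()
            previous = member_of.get(port)
            if previous and previous != bundle:
                # 802.3ad takes one value, so a second statement replaces the first.
                findings.append(f"{port}: moved from {previous} to {bundle}; "
                                "the later statement wins")
            member_of[port] = bundle
            referenced.add(bundle)
        elif m := LACP.match(line):
            lacp_mode[m.group(1)] = m.group(2)
        if m := AE_REF.match(line):
            referenced.add(m.group(1))

    members = defaultdict(list)
    for port, bundle in member_of.items():
        members[bundle].append(port)

    if referenced and device_count is None:
        findings.append("no 'chassis aggregated-devices ethernet device-count' statement")
    for bundle in sorted(referenced, key=lambda name: int(name[2:])):
        index = int(bundle[2:])
        # device-count N creates ae0 through ae(N-1).
        if device_count is not None and index >= device_count:
            findings.append(f"{bundle}: index {index} is not below device-count {device_count}")
        if not members[bundle]:
            findings.append(f"{bundle}: configured but has no member links")
        elif bundle not in lacp_mode:
            findings.append(f"{bundle}: members but no lacp statement (static LAG)")
        elif lacp_mode[bundle] == "passive":
            # From the page: at least one end of the bundle must be active.
            findings.append(f"{bundle}: lacp passive; the remote end must be active")
    return findings


if __name__ == "__main__":
    for label, config in (("page", PAGE_CONFIG), ("broken", BROKEN_CONFIG)):
        print(label, lint_lag_config(config) or "no findings")
```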


Results 

From configuration mode, confirm your configuration by entering the show interfaces command. If the 
output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


[edit] 
user@host# show interfaces 
xe-0/0/8 { 
    gigether-options { 
        802.3ad ae1; 
    } 
} 
xe-0/0/9 { 
    gigether-options { 
        802.3ad ae0; 
    } 
} 
xe-1/0/8 { 
    gigether-options { 
        802.3ad ae1; 
    } 
} 
xe-1/0/9 { 
    gigether-options { 
        802.3ad ae0; 
    } 
} 
xe-3/1/4 { 
    gigether-options { 
        802.3ad ae1; 
    } 
} 
xe-3/1/5 { 
    gigether-options { 
        802.3ad ae0; 
    } 
} 
ae0 { 
    aggregated-ether-options { 
        lacp { 
            active; 
        } 
    } 
    unit 0 { 
        family inet { 
            address 17.0.0.1/24; 
        } 
    } 
} 
ae1 { 
    aggregated-ether-options { 
        lacp { 
            active; 
        } 
    } 
    unit 0 { 
        family inet { 
            address 16.0.0.1/24; 
        } 
    } 
} 


[edit] 
user@host# show chassis 
aggregated-devices { 
    ethernet { 
        device-count 5; 
    } 
} 


If you are done configuring the device, enter commit from configuration mode. 


Verification 


Verifying LACP on Redundant Ethernet Interfaces 


Purpose 


Display LACP status information for redundant Ethernet interfaces. 


Action 


From operational mode, enter the show lacp interfaces command to check that LACP has been enabled 
as active on one end. 


user@host> show lacp interfaces 

Aggregated interface: ae0 
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity 
      xe-0/0/9       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-0/0/9     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-1/0/9       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-1/0/9     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-3/1/5       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-3/1/5     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-5/1/5       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-5/1/5     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active 
    LACP protocol:        Receive State  Transmit State          Mux State 
      xe-0/0/9                  Current   Fast periodic Collecting distributing 
      xe-1/0/9                  Current   Fast periodic Collecting distributing 
      xe-3/1/5                  Current   Fast periodic Collecting distributing 
      xe-5/1/5                  Current   Fast periodic Collecting distributing 

Aggregated interface: ae1 
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity 
      xe-0/0/8       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-0/0/8     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-1/0/8       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-1/0/8     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-3/1/4       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-3/1/4     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-5/1/4       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active 
      xe-5/1/4     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active 
    LACP protocol:        Receive State  Transmit State          Mux State 
      xe-0/0/8                  Current   Fast periodic Collecting distributing 
      xe-1/0/8                  Current   Fast periodic Collecting distributing 
      xe-3/1/4                  Current   Fast periodic Collecting distributing 
      xe-5/1/4                  Current   Fast periodic Collecting distributing 


The output indicates that LACP has been set up correctly and is active at one end. 


Configuring Gigabit Ethernet Physical Interface Modules 


IN THIS SECTION 


Understanding the 1-Port Gigabit Ethernet SFP Mini-PIM 
Example: Configuring the 1-Port Gigabit Ethernet SFP Mini-PIM Interface 
Understanding the 2-Port 10-Gigabit Ethernet XPIM 
Example: Configuring the 2-Port 10-Gigabit Ethernet XPIM Interface 
Understanding the 8-Port Gigabit Ethernet SFP XPIM 
Example: Configuring 8-Port Gigabit Ethernet SFP XPIMs 


Small form-factor pluggables (SFPs) are hot-pluggable modular interface transceivers for Gigabit and Fast 
Ethernet connections. The 1-Port Gigabit Ethernet SFP Mini-PIM interfaces a single Gigabit Ethernet 
device or a network. The following topics cover the overview and configuration of the 1-Port Gigabit 
Ethernet SFP Mini-PIM interface, the 2-Port 10-GE XPIM, and the 8-Port GE SFP XPIMs. 


| Understanding the 1-Port Gigabit Ethernet SFP Mini-PIM 


IN THIS SECTION 


Supported Features 
Interface Names and Settings 
Available Link Speeds and Modes 
Link Settings 


Small form-factor pluggables (SFPs) are hot-pluggable modular interface transceivers for Gigabit and Fast 
Ethernet connections. Gigabit Ethernet SFP Mini-PIMs can be used in copper and optical environments 
to provide maximum flexibility when upgrading from an existing infrastructure to Metro Ethernet. 


The 1-Port Gigabit Ethernet SFP Mini-PIM interfaces a single Gigabit Ethernet device or a network. It 
supports a variety of transceivers with data speeds of 10-Mbps/100-Mbps/1-Gbps with extended LAN 
or WAN connectivity. 


Transceivers are hot-swappable. 


This topic includes the following sections: 


Supported Features 


The following features are supported on the 1-Port Gigabit Ethernet SFP Mini-PIM: 

• 10-Mbps/100-Mbps/1-Gbps link speed 
• Half-duplex/full-duplex support 
• Autonegotiation 
• Encapsulations 
• Maximum transmission unit (MTU) size of 1514 bytes (default) and 9010 bytes (jumbo frames) 
• Loopback 
• Transceivers are hot-swappable 


Interface Names and Settings 


The following format is used to represent the 1-Port Gigabit Ethernet SFP Mini-PIM interface names: 
type-fpc/pic/port 

Where: 

• type—Media type (ge) 
• fpc—Number of the Flexible PIC Concentrator (FPC) card on which the physical interface is located 
• pic—Number of the PIC on which the physical interface is located (0) 
• port—Specific port on a PIC (0) 

Examples: ge-1/0/0 and ge-2/0/0 


By default, the interfaces on the ports on the uplink module installed on the device are enabled. You can 
also specify the MTU size for the Gigabit Ethernet interface. Junos OS supports values from 256 through 
9010. The default MTU size for Gigabit Ethernet interfaces is 1514. 


Available Link Speeds and Modes 


The 1-Port Gigabit Ethernet SFP Mini-PIM supports the following link speeds: 


• 10m—Sets the link speed to 10 Mbps. 
• 100m—Sets the link speed to 100 Mbps. 
• 1g—Sets the link speed to 1 Gbps. 


The 1-Port Gigabit Ethernet SFP Mini-PIM supports the following link modes: 


• Full-duplex—Allows bidirectional communication at a given point in time. 
• Half-duplex—Allows single directional communication at a given point in time. 


Link Settings 

The 1-Port Gigabit Ethernet SFP Mini-PIM includes the following link settings: 


• auto-negotiation—Enables autonegotiation of link mode and speed. 


NOTE: By default, autonegotiation is enabled. To disable autonegotiation, use set 
gigether-options no-autonegotiation 


We recommend enabling autonegotiation. 


• loopback—Enables loopback. 
• no-auto-negotiation—Disables autonegotiation of link mode and speed. 
• no-loopback—Disables loopback. 


By default a link speed of 1 Gbps in full-duplex mode is supported. 


NOTE: On SRX340 High Memory devices, traffic might stop between the SRX340 device and 
the Cisco switch due to link mode mismatch. We recommend setting the same value to the 
autonegotiation parameters on both ends. 


NOTE: On SRX300 devices, the link goes down when you upgrade FPGA on 1-Port Gigabit 
Ethernet SFP mini-PIM. As a workaround, run the restart fpc command and restart the FPC. 


| Example: Configuring the 1-Port Gigabit Ethernet SFP Mini-PIM Interface 


IN THIS SECTION 


Requirements 
Overview 
Configuration 
Verification 


This example shows how to perform basic configuration for the 1-Port Gigabit Ethernet SFP Mini-PIM. 


Requirements 


Before you begin: 


• Establish basic connectivity. See the Getting Started Guide for your device. 
• Configure network interfaces as necessary. See “Example: Creating an Ethernet Interface” on page 208. 


Overview 

In this example, you configure the ge-2/0/0 interface, set the operating speed to 100 Mbps, and define a 
logical interface that you can connect to the 1-Port Gigabit Ethernet SFP Mini-PIM. You also set the MTU 
value to 9010 and set the link option to no-loopback. 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces ge-2/0/0 link-mode full-duplex speed 100m 
set interfaces ge-2/0/0 gigether-options no-loopback 


Configuring Physical Properties 
GUI Step-by-Step Procedure 


To quickly configure the physical properties of a 1-Port Gigabit Ethernet SFP Mini-PIM using J-Web, use 
the following steps: 


1. Select Configure > Interfaces. 


2. Under Interface, select ge-2/0/0 and then click Edit. A pop-up window appears. 


3. In the Description box, type the description for the SFP Mini-PIM. 


4. In the MTU box, type 9010. 


5. From the Speed list, select 100Mbps. 


6. From the Link-mode list, select Full-duplex. 


7. Select the Enable Auto-negotiation checkbox. 


8. Select the Enable Per Unit Scheduler checkbox. 


9. Click OK. 


Disabling the Interface 


GUI Step-by-Step Procedure 
To disable the 1-Port Gigabit Ethernet SFP Mini-PIM using J-Web, use the following steps: 


1. Select Configure > Interfaces. 


2. Under Interface, select ge-2/0/0 and then click Disable. 


Configuring Logical Properties 
GUI Step-by-Step Procedure 


To quickly configure the logical properties of a 1-Port Gigabit Ethernet SFP Mini-PIM using J-Web, use 
the following steps: 


1. Select Configure > Interfaces. 


2. Under Interface, select ge-2/0/0.0, and then click Add Logical Interface. A pop-up window appears. 


3. In the Unit box, type 0. 


4. In the Description box, type a description for the SFP Mini-PIM. 


5. From the Zone list, select untrust. 


6. To edit the family protocol type to the Mini-PIM interfaces, select the IPv4 tab, and then select Enable 
address configuration. 


7. Click Add, and then type IPv4 address. 


8. Click OK. 


Editing Logical Properties 

Step-by-Step Procedure 

To quickly configure the physical properties of a 1-Port Gigabit Ethernet SFP Mini-PIM using J-Web: 

1. Under Interface, select the logical interface added to the 1-Port Gigabit Ethernet SFP Mini-PIM and 
then click Edit. A pop-up window appears. 


2. Under Interface, select ge-2/0/0.0, and then click Edit Logical Interface. A pop-up window appears. 


3. From the Zone list, select trust. 
4. To enable DHCP client on the interface, select the IPv4 tab and then select Enable DHCP. 


5. Click OK. 


NOTE: You cannot add or edit Description and Unit for a logical interface. 


Deleting the Logical Interface 


GUI Step-by-Step Procedure 
To delete the logical interface of 1-Port Gigabit Ethernet SFP Mini-PIM using J-Web, 


1. Select Configure > Interfaces. 


2. Under Interface, select ge-2/0/0.0, and then click Delete. 


Configuring a 1-Port Gigabit Ethernet SFP Mini-PIM 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide. 


To configure a 1-Port Gigabit Ethernet SFP Mini-PIM: 


1. Configure the interface. 


[edit] 
user@host# edit interfaces ge-2/0/0 


2. Set the operating link-mode full-duplex speed of 100 Mbps for the SFP Mini-PIM. 


[edit interfaces ge-2/0/0] 
user@host# set link-mode full-duplex speed 100m 


3. Assign the MTU value. 


[edit interfaces ge-2/0/0] 
user@host# set mtu 9010 


4. Add the logical interface. 
[edit interfaces ge-2/0/0] 
user@host# set unit 0 family inet address 14.1.1.1/24 


5. Set the link options. 


[edit interfaces ge-2/0/0] 
user@host# set gigether-options no-loopback 


Results 

From configuration mode, confirm your configuration by entering the show interfaces ge-2/0/0 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit] 
user@host# show interfaces ge-2/0/0 
mtu 9010; 
speed 100m; 
gigether-options { 
    no-loopback; 
} 
unit 0 { 
    family inet { 
        address 14.1.1.1/24; 
    } 
} 


If you are done configuring the device, enter commit from configuration mode. 


Verification 


IN THIS SECTION 


Verifying That the Correct Hardware Is Installed 
Verifying the FPC Status 
Verifying the Interface Settings 


Confirm that the configuration is working properly. 
Verifying That the Correct Hardware Is Installed 


Purpose 
Verify that the 1-Port Gigabit Ethernet SFP Mini-PIM is installed on the device. 


Action 


From operational mode, enter the show chassis hardware command. 


user@host> show chassis hardware detail 

Hardware inventory: 
Item Version Part number Serial number Description 
Chassis AG0309AA0004 SRX240b 
Routing Engine REV 16 THO=0 217 92, VL3180 RE-SRX240B 
dad Qe) ME SLV26S2 Nand Flash 
usb0 (addr 1) DWC OTG root hub 0 vendor 0x0000 uhub0 
usb0 (addr 2) product 0x005a 90 vendor 0x0409 uhub1 
usb0 (addr 3) ST72682 High Speed Mode 64218 STMicroelectronics umass0 
FPC 0 FPC 
PIC 0 16x GE Base PIC 
ee AL Ho0SUZSS on, 112009000278 HEC 
PIC © iisg AIL iq IMI 
FPC 2 REV 00 130-032 75) AABC5081 FPC 
PIC 0 1x GE High-Perf SFP mPIM 
Xcvr 0 REV 02 740-011612 9101465 SERS 
FPC 4 750-029145 122009000061 FPC 
PIC 0 1x GE SFP mPIM 
Xcvr 0 REV 01 740-011782 PBLOC3T SINS 
Power Supply 0 


Verify that the output contains the following values: 


• FPC 2, PIC 0—1x GE High-Perf SFP mPIM 
• FPC 4, PIC 0—1x GE SFP mPIM 


NOTE: In the example shown above, the output for 1-Port SFP Mini-Physical Interface Module 
is displayed as 1X GE SFP mPIM and the output for 1-Port Gigabit Ethernet SFP Mini-Physical 
Interface Module is displayed as 1X GE High-Perf SFP mPIM. 


Verifying the FPC Status 
NOTE: The 1-Port GE SFP Mini-PIM is installed in the second slot of the device chassis; therefore 
the output displayed is 1x GE High-Perf SFP mPIM and the Flexible PIC Concentrator (FPC) used 
here is fpc 2. 


The 1-Port SFP Mini-PIM is installed in the fourth slot of the device chassis; therefore the output 
displayed is 1x GE SFP mPIM and the Flexible PIC Concentrator (FPC) used here is fpc 4. 


Purpose 


Verify the FPC status. 


Action 


From operational mode, enter the show chassis fpc command. 


user@host> show chassis fpc 

Slot State      CPU Utilization (%)   Memory      Utilization (%) 
                Interrupt             DRAM (MB)   Heap   Buffer 
  0  Online 
  1  Online 
  2  Online 
  3  Empty 
  4  Online 


The output should show the FPC status as online. 


The 1-Port SFP Mini-PIM is installed in the fourth slot of the device chassis; the output shows the FPC 
status for slot 4 as online. 


The 1-Port Gigabit Ethernet SFP Mini-PIM is installed in the second slot of the device chassis; the output 
shows the FPC status for slot 2 as online. 


Verifying the Interface Settings 


Purpose 


Verify that the interface is configured as expected. 


Action 


From operational mode, enter the show interfaces ge-2/0/0 command. 


user@host# run show interfaces ge-2/0/0 

Physical interface: ge-2/0/0, Enabled, Physical link is Up 
  Interface index: 516, SNMP ifIndex: 552 
  Link-level type: Ethernet, MTU: 9010, Link-mode: Full-duplex, Speed: 100mbps, 
  BPDU Error: None, MAC-REWRITE Error: None, 
  Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, 
  Auto-negotiation: Enabled, Remote fault: Online 
  Device flags   : Present Running 
  Interface flags: SNMP-Traps Internal: 0x0 
  Link flags     : None 
  CoS queues     : 8 supported, 8 maximum usable queues 
  Current address: 00:22:83:99:ac:f2, Hardware address: 00:22:83:99:ac:f2 
  Last flapped   : ZAOLO—O3=17 IzeZ20ss3 Wile (00:00:20 ago) 
  Input rate     : 0 bps (0 pps) 
  Output rate    : 0 bps (0 pps) 
  Active alarms  : None 
  Active defects : None 

  Logical interface ge-2/0/0.0 (Index 88) (SNMP ifIndex 557) 
    Flags: SNMP-Traps Encapsulation: ENET2 
    Input packets : 108 
    Output packets: 1 
    Security: Zone: Null 
    Protocol inet, MTU: BNE 
      Flags: Sendbcast-pkt-to-re 
      Addresses, Flags: Is-Preferred Is-Primary 
        Destination: 14.1.1/24, Local: 14.1.1.1, Broadcast: 14.1.1.255 


Verify the following information in the command output: 


• Physical interface—ge-2/0/0, Enabled, Physical link is Up
• MTU—9010; Link-mode—Full-duplex
• Speed—100 Mbps
• Loopback—Disabled


| Understanding the 2-Port 10-Gigabit Ethernet XPIM


IN THIS SECTION 


Supported Features
Interface Names and Settings
Copper and Fiber Operating Modes
Link Speeds
Link Settings


The 10-Gigabit Ethernet (also known as 10GBASE-T or IEEE 802.3an) is a telecommunication technology 
that offers data speeds up to 10 billion bits per second over unshielded or shielded twisted pair cables. 


The 2-Port 10-Gigabit Ethernet Physical Interface Module (XPIM) is a 2 x 10GBASE-T / SFP+ XPIM line
card. (SFP+ is a fiber optic transceiver module designed for 10-Gigabit Ethernet and 8.5 Gbps-fiber channel
systems.) The 2-Port 10-Gigabit Ethernet XPIM provides a front-end interface connection that includes
the following ports:


• 2 X copper ports. The copper ports support 10GBASE-T running with CAT6A or CAT7 Ethernet cable
  for up to 100 meters.
• 2 X fiber (SFP+) ports. The fiber ports support SFP+ multiple 10G modules.


The 2-Port 10-Gigabit Ethernet XPIM provides interconnects for LANs, WANs, and metropolitan area 
networks (MANs). The XPIM provides multiple service levels (1-Gigabit Ethernet to 10-Gigabit Ethernet 
in increments) and a single connection option for a wide range of customer needs and applications. 


NOTE: By default, the 2-Port 10-Gigabit Ethernet XPIM ports come up in fiber mode, while
autonegotiation is not supported.


This topic includes the following sections: 


Supported Features 


The following features are supported on the 2-Port 10-Gigabit Ethernet XPIM:

• Multiple SFP+ 10G modules and the following SFP modules:
  • SFPP-10GE-SR
  • SFPP-10GE-LR
  • SFPP-10GE-ER
  • SFPP-10GE-LRM
• Copper TWIN-AX 1M and Copper TWIN-AX 3M
• Online Insertion and Removal (OIR) functionality
• Link speeds of up to 10-Gbps
• Full-duplex and half-duplex modes
• Flow control
• Autonegotiation and autosensing
• Quality of service (QoS)


Interface Names and Settings 


The following format is used to represent the 2-Port 10-Gigabit Ethernet XPIM interface names: 
type-fpc/pic/port 

Where: 

• type — Media type (xe)
• fpc — Number of the Flexible PIC Concentrator (FPC) card on which the physical interface is located
• pic — Number of the PIC on which the physical interface is located (0)
• port — Specific port on a PIC (0 or 1)


By default, the interfaces (for example, xe-6/0/0 or xe-2/0/0) on the ports on the uplink module installed 
on the device are enabled. You can also specify the maximum transmission unit (MTU) size for the Gigabit 
Ethernet interface. Junos OS supports values from 256 through 9192. The default MTU for Gigabit Ethernet 
interfaces is 1514. 
Copper and Fiber Operating Modes


On the 2-Port 10-Gigabit Ethernet XPIM, one copper port and one fiber port are grouped together as port
0, and another copper port and fiber port are grouped as port 1. Only two ports can be active at the same
time (one port from port 0 and another port from port 1).


The 2-Port 10-Gigabit Ethernet XPIM can be configured to operate in two copper mode, two fiber mode, 
or mixed mode (one copper and one fiber). In mixed mode, the two ports should be from different port 
groups (one port from port 1 and the other from port 2). 


Link Speeds 


The 2-Port 10-Gigabit Ethernet XPIM ports support the following link speeds for copper and fiber: 


• Copper—10/100/1000 Mbps or 10 Gbps (full duplex). Half-duplex is only for 10/100 Mbps.
• Fiber—1000 Mbps or 10 Gbps (full duplex). Half-duplex mode is not supported.


To set the link speeds, use the following options:


• 10m—Sets the link speed to 10 Mbps.
• 10g—Sets the link speed to 10 Gbps.
• 100m—Sets the link speed to 100 Mbps.
• 1g—Sets the link speed to 1 Gbps.


Link Settings 


The 2-Port 10-Gigabit Ethernet XPIM includes the following link settings: 


• 802.3ad—Specifies an aggregated Ethernet bundle.
• auto-negotiation—Enables autonegotiation of flow control, link mode, and speed.
• loopback—Enables loopback.
• no-auto-negotiation—Disables autonegotiation of flow control, link mode, and speed.
• no-loopback—Disables loopback.


By default, flow control is enabled on all ports, a link speed of 10 Gbps in full duplex is supported, 
autonegotiation is disabled on the fiber ports, and autonegotiation is enabled on copper ports. 


NOTE: Autonegotiation is not supported when the 2-Port 10-Gigabit Ethernet XPIM is operating 
in fiber mode at a link speed of 10 Gbps. 
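

The limits stated in Link Speeds, Link Settings, and Interface Names and Settings above can be checked before a candidate configuration is committed. The following linter is an added example, not Juniper code; the sample configurations are constructed, and the link-mode statement is assumed to be how duplex is set on these ports.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Limits taken from this page.
MTU_MIN, MTU_MAX = 256, 9192
SPEEDS = {
    "copper": {"10m", "100m", "1g", "10g"},
    "fiber": {"1g", "10g"},
}
HALF_DUPLEX_OK = {("copper", "10m"), ("copper", "100m")}
NAME_RE = re.compile(r"^xe-\d+/0/[01]$")  # type-fpc/pic/port: pic 0, port 0 or 1


@dataclass
class Port:
    name: str
    media: str = "fiber"            # page: ports come up in fiber mode
    speed: str = "10g"              # page: default link speed is 10 Gbps
    duplex: str = "full-duplex"
    autoneg: Optional[bool] = None  # None means "not configured"
    mtu: int = 1514                 # page: default MTU


def parse(config: str) -> Dict[str, Port]:
    """Collect physical-interface settings from 'set interfaces ...' lines."""
    ports: Dict[str, Port] = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[:2] != ["set", "interfaces"]:
            continue
        port = ports.setdefault(tok[2], Port(tok[2]))
        i = 3
        while i < len(tok):
            word = tok[i]
            nxt = tok[i + 1] if i + 1 < len(tok) else ""
            if word == "unit":      # logical-interface settings follow; stop here
                break
            if word == "media-type":
                port.media, i = nxt, i + 1
            elif word == "speed":
                port.speed, i = nxt, i + 1
            elif word == "link-mode":
                port.duplex, i = nxt, i + 1
            elif word == "mtu":
                port.mtu, i = (int(nxt) if nxt.isdigit() else -1), i + 1
            elif word in ("auto-negotiation", "no-auto-negotiation"):
                port.autoneg = word == "auto-negotiation"
            i += 1
    return ports


def check(port: Port) -> List[str]:
    """Return the names of the rules that this port's settings break."""
    findings: List[str] = []
    if not NAME_RE.match(port.name):
        findings.append("name")
    if port.media not in SPEEDS:
        findings.append("media-type")
        return findings
    if port.speed not in SPEEDS[port.media]:
        findings.append("speed")
    if port.duplex == "half-duplex" and (port.media, port.speed) not in HALF_DUPLEX_OK:
        findings.append("half-duplex")
    # NOTE on this page: no autonegotiation in fiber mode at 10 Gbps.
    if port.media == "fiber" and port.speed == "10g" and port.autoneg:
        findings.append("auto-negotiation")
    if not MTU_MIN <= port.mtu <= MTU_MAX:
        findings.append("mtu")
    return findings


def lint(config: str) -> Dict[str, List[str]]:
    return {name: check(port) for name, port in parse(config).items()}


# Constructed sample: a copper port at 10 Gbps with loopback disabled.
GOOD_CONFIG = """\
set interfaces xe-6/0/0 media-type copper speed 10g unit 0 family inet mtu 1514
set interfaces xe-6/0/0 gigether-options no-loopback
"""

# Constructed sample: each line breaks at least one rule from this page.
BAD_CONFIG = """\
set interfaces xe-2/0/1 media-type fiber speed 10g gigether-options auto-negotiation
set interfaces xe-2/0/0 media-type copper speed 1g link-mode half-duplex mtu 9500
set interfaces xe-6/0/2 media-type fiber speed 100m
"""

if __name__ == "__main__":
    for name, findings in lint(BAD_CONFIG).items():
        print(name, findings or "ok")
```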
| Example: Configuring the 2-Port 10-Gigabit Ethernet XPIM Interface


This example shows how to perform basic configuration for the 1-Port Gigabit Ethernet SFP Mini-PIM.


Requirements 


Before you begin: 


• Establish basic connectivity. See the Getting Started Guide for your device.
• Configure network interfaces as necessary. See “Example: Creating an Ethernet Interface” on page 208.


Overview 


In this example, you configure the xe-6/0/0 interface, set the operating mode to copper mode, set the
operating speed to 10 Gbps, and define a logical interface that you can connect to the 2-Port 10-Gigabit
Ethernet XPIM. Additionally, you set the MTU value to 1514, set the link option to no loopback, and enable
the interface.


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following commands, paste them into a text file, remove any line
breaks, change any details necessary to match your network configuration, copy and paste the commands
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.


set interfaces xe-6/0/0 media-type copper speed 10g unit 0 family inet mtu 1514


set interfaces xe-6/0/0 gigether-options no-loopback


Step-by-Step Procedure 
The following example requires you to navigate various levels in the configuration hierarchy. For instructions
on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide. 


To configure a 2-Port 10-Gigabit Ethernet XPIM: 


1. Configure the interface. 


[edit] 
user@host# edit interfaces xe-6/0/0 


2. Configure the operating mode. 


[edit interfaces xe-6/0/0] 
user@host# set media-type copper 


3. Set the operating speed for the XPIM. 


[edit interfaces xe-6/0/0] 
user@host# set speed 10g 


4. Add the logical interface. 


[edit interfaces xe-6/0/0] 
user@host# set unit 0 family inet


5. Assign the physical interface MTU value.


[edit interfaces xe-6/0/0]
user@host# set mtu 1514


6. Assign the logical interface MTU value.


[edit interfaces xe-6/0/0]
user@host# set unit 0 family inet mtu 1500


7. Set the link options. 


[edit interfaces xe-6/0/0] 
user@host# set gigether-options no-loopback 


8. Disable the interface.


[edit interfaces xe-6/0/0] 
user@host# set disable 


9. Enable the interface. 


[edit interfaces xe-6/0/0] 
user@host# delete disable 


Results 


From configuration mode, confirm your configuration by entering the show interfaces xe-6/0/0 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit]
user@host# show interfaces xe-6/0/0
speed 10g;
media-type copper;
gigether-options {
    no-loopback;
}
unit 0 {
    family inet {
        mtu 1514;
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Verification 


Confirm that the configuration is working properly.


Verifying That the Correct Hardware Is Installed 


Purpose 
Verify that the 2-Port 10-Gigabit Ethernet XPIM is installed on the device. 


Action 


From operational mode, enter the show chassis hardware command. 


Hardware inventory:
Item             Version  Part number   Serial number   Description
Chassis                                 AJ0309AC0047    SRX650
Midplane         REV 04   WMO SO 23/75 IVS OS)
System IO        REV 04   OS Os A089)   TV4035          SRXSME System IO
Routing Engine   REV 01   11L0—=023224 DAES ALO)        RE-SRXSME-SRE6
FPC 0                                                   FPC
  PIC 0                                                 4x GE Base PIC
FPC 2                                                   FPC
  PIC 0                                                 2x 10G gPIM
FPC 6                                                   FPC
  PIC 0                                                 2x 10G gPIM
Power Supply 0   REV 01   740-024283    TAQOO49WSSSS    PS 645W AC








Verify that the output contains the following values: 


• FPC 2, PIC 0—2x 10G gPIM
• FPC 6, PIC 0—2x 10G gPIM


Verifying the FPC Status 


Purpose 
Verify the FPC status. 


Action 


From operational mode, enter the show chassis fpc command.


                  Temp  CPU Utilization (%)   Memory      Utilization (%)
Slot State        (C)   Total  Interrupt      DRAM (MB)   Heap     Buffer
  0  Online       CPU less FPC
  1  Empty
  2  Online       CPU less FPC
  3  Empty
  4  Empty
  5  Empty
  6  Online       CPU less FPC
  7  Empty
  8  Empty


The output should display FPC status as online. 


Verifying the Interface Settings 


Purpose 


Verify that the interface is configured as expected. 


Action 


From operational mode, enter the show interface xe-6/0/0 command. 


Physical interface: xe-6/0/0, Enabled, Physical link is Up
  Interface index: 144, SNMP ifIndex: 501
  Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 10Gbps,
  BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Enabled
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x0
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Current address: 00:1f:12:e0:80:a8, Hardware address: 00:1f:12:e0:80:a8
  ihagic, scileysjoecl 8 IS/O-O1=Oi1 OWOss4c22 Bsr (O7 826528) acye)))
  Input rate     : 0 bps (0 pps)
  Output rate    : 0 bps (0 pps)
  Active alarms  : None
  Active defects : None
  Logical interface xe-6/0/0.0 (Index 72) (SNMP ifIndex 503)
    Flags: SNMP-Traps Encapsulation: ENET2
    liga ol Due oy-Kell.¢— 1 ox mnHEYAS)
    Output packets: 25
    Security: Zone: HOST
    Allowed host-inbound traffic : any-service bfd bgp dvmrp igmp ldp msdp nhrp
    ospf pgm pim rip router-discovery rsvp sap vrrp
    Protocol inet, MTU: 1500
      Flags: Sendbcast-pkt-to-re
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 10.10.10/24, Local: 10.10.10.10, Broadcast: 10.10.10.255


Verify the following information in the command output: 

• Physical interface—xe-6/0/0, Enabled, Physical link is Up
• MTU—1514
• Link mode—Full duplex
• Speed—10 Gbps
• Loopback—Disabled
• Flow control—Enabled
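

The checklist above can be automated against captured command output. The following script is an added example, not Juniper code; the sample text is constructed from the legible physical-interface lines of the xe-6/0/0 output shown above, and the function names are illustrative.

```python
import re
from typing import Dict, List, Optional

# Constructed sample, based on the xe-6/0/0 output shown on this page.
SAMPLE = """\
Physical interface: xe-6/0/0, Enabled, Physical link is Up
  Interface index: 144, SNMP ifIndex: 501
  Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 10Gbps,
  BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Enabled
  Device flags   : Present Running
  Current address: 00:1f:12:e0:80:a8, Hardware address: 00:1f:12:e0:80:a8
  Logical interface xe-6/0/0.0 (Index 72) (SNMP ifIndex 503)
    Protocol inet, MTU: 1500
"""

# The values this page says to verify.
EXPECTED = {
    "name": "xe-6/0/0", "admin": "Enabled", "link": "Up",
    "mtu": "1514", "link-mode": "Full-duplex", "speed": "10 Gbps",
    "loopback": "Disabled", "flow control": "Enabled",
}


def parse_physical(output: str) -> Dict[str, str]:
    """Return the fields of the first physical interface, lower-cased keys."""
    fields: Dict[str, str] = {}
    for raw in output.splitlines():
        line = raw.strip()
        # Stop before the logical interface so the protocol MTU (1500)
        # does not overwrite the physical MTU (1514).
        if line.startswith("Logical interface"):
            break
        m = re.match(r"Physical interface: (\S+), (\w+), Physical link is (\w+)", line)
        if m:
            fields["name"], fields["admin"], fields["link"] = m.groups()
            continue
        for part in line.split(","):
            key, sep, value = part.partition(":")
            if sep and value.strip():
                fields[key.strip().lower()] = value.strip()
    return fields


def speed_bps(text: str) -> Optional[int]:
    """Normalize '10Gbps', '10 Gbps' or '1000mbps' to bits per second."""
    m = re.fullmatch(r"(\d+)\s*([mg])bps", text.strip().lower())
    if not m:
        return None
    return int(m.group(1)) * (10**6 if m.group(2) == "m" else 10**9)


def verify(output: str, expected: Dict[str, str]) -> List[str]:
    """Return the expected fields that are missing or do not match."""
    got = parse_physical(output)
    failed: List[str] = []
    for key, want in expected.items():
        have = got.get(key)
        if have is None:
            failed.append(key)
        elif key == "speed":
            if speed_bps(have) is None or speed_bps(have) != speed_bps(want):
                failed.append(key)
        elif have.lower() != want.lower():
            failed.append(key)
    return failed


if __name__ == "__main__":
    print(verify(SAMPLE, EXPECTED) or "all checks passed")
```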


Understanding the 8-Port Gigabit Ethernet SFP XPIM 


A Gigabit Ethernet Physical Interface Module (XPIM) is a network interface card (NIC) that installs in the 
front slots of the SRX550 Services Gateway to provide physical connections to a LAN or a WAN. 


NOTE: Starting in Junos OS Release 15.1X49-D10, the 8-Port Gigabit Ethernet SFP XPIM is not 
supported on legacy SRX Series systems. In Junos OS Release 15.1X49-D30, support for the 
8-Port Gigabit Ethernet SFP XPIM is restored for SRX550 Service Gateway systems. 


Small form-factor pluggables (SFPs) are hot-pluggable modular interface transceivers for gigabit and Fast 
Ethernet connections. The 8-port SFP Gigabit Ethernet interface enables customers to connect to Ethernet 
WAN services as well as to local servers at gigabit speed. 


Supported Features 


The following features are supported on the 8-Port Gigabit Ethernet SFP XPIM: 


• Operates on both a slot with a maximum bandwidth of 8 gigabits and a slot with a maximum bandwidth
  of 1 gigabit
• Operates in tri-rate (10/100/1000 Mbps) mode with copper SFPs
• Routing and switched mode operation
• Layer 2 protocols
  • Link Aggregation Control Protocol (LACP)
  • Link Layer Discovery Protocol (LLDP)
  • GARP VLAN Registration Protocol (GVRP)
  • Internet Group Management Protocol (IGMP) snooping (v1 and v2)
  • Spanning Tree Protocol (STP), Real-Time Streaming Protocol (RTSP), and Multiple Spanning Tree
    Protocol (MSTP)
  • 802.1x
• Encapsulation (supported at the Physical Layer)
  • ethernet-bridge
  • ethernet-ccc
  • ethernet-tcc
  • ethernet-vpls
  • extended-vlan-ccc
  • extended-vlan-tcc
  • flexible-ethernet-services
  • vlan-ccc
• QinQ VLAN tagging
• Integrated routing and bridging (IRB)
• Jumbo frames (9192 byte size)
• Chassis cluster switching
• Chassis cluster fabric link using GE ports


NOTE: The following Layer 2 switching features are not supported when the 8-Port Gigabit Ethernet
SFP XPIM is plugged in slots with speeds of less than 1 gigabit:

• QinQ VLAN tagging
• Link aggregation using ports across multiple XPIMs


Interface Names and Settings 


The following format is used to represent the 8-Port SFP XPIM: 
type-fpc/pic/port

Where:

• type—Media type (ge)
• fpc—Number of the Flexible PIC Concentrator (FPC) card where the physical interface resides
• pic—Number of the PIC where the physical interface resides (0)
• port—Specific port on a PIC (0)

Examples: ge-1/0/0 and ge-2/0/0 


By default, the interfaces on the ports on the uplink module installed on the device are enabled. You can 
also specify the maximum transmission unit (MTU) size for the XPIM. Junos OS supports values from 256 
through 9192. The default MTU size for the 8-Port Gigabit Ethernet SFP XPIM is 1514. 


| Example: Configuring 8-Port Gigabit Ethernet SFP XPIMs 


IN THIS SECTION 


Requirements
Overview and Topology
Configuration
Verification


This example shows how to perform a basic back-to-back device configuration with 8-port Gigabit Ethernet 
small form-factor pluggable (SFP) XPIMs. It describes a common scenario in which SFP XPIMs are deployed. 


NOTE: Starting in Junos OS Release 15.1X49-D10, the 8-Port Gigabit Ethernet SFP XPIM is not 
supported on legacy SRX Series systems. In Junos OS Release 15.1X49-D30, support for the 
8-Port Gigabit Ethernet SFP XPIM is restored for SRX550 Service Gateway systems. 


Requirements


This example uses the following hardware and software components:

• Junos OS Release 12.1X44-D10 or later for SRX Series Services Gateways.
• Two SRX650 devices connected back-to-back.
• Two 8-port Gigabit Ethernet SFP XPIMs.
• Eight pairs of SFP transceivers as mentioned in 8-Port Gigabit Ethernet SFP XPIM Supported Modules and
  eight cables to connect them.


Before you begin: 


• Establish basic connectivity. See the Getting Started Guide for your device.
• Configure network interfaces as necessary. See “Example: Creating an Ethernet Interface” on page 208.


Overview and Topology 


In this example, you configure two SRX650 devices. On each device you configure eight interfaces (ge-6/0/0
through ge-6/0/7), set the maximum transmission unit (MTU) value to 9192, and define a logical interface 
that you can connect to the 8-port SFP XPIM. 


Figure 16 on page 274 shows the topology used in this example. 


Figure 16: Basic Back-to-Back Device Configuration 


Configuration


CLI Quick Configuration 


To quickly configure this example, copy the following commands, paste them into a text file, remove any 
line breaks, change any details necessary to match your network configuration, and then copy and paste 
the commands into the CLI at the [edit] hierarchy level. 


Device 1 


set interfaces ge-6/0/0 mtu 9192 
set interfaces ge-6/0/0 unit 0 family inet address 10.1.1.1/24 
set interfaces ge-6/0/1 mtu 9192 
set interfaces ge-6/0/1 unit 0 family inet address 11.1.1.1/24 
set interfaces ge-6/0/2 mtu 9192 
set interfaces ge-6/0/2 unit 0 family inet address 12.1.1.1/24 
set interfaces ge-6/0/3 mtu 9192 
set interfaces ge-6/0/3 unit 0 family inet address 13.1.1.1/24
set interfaces ge-6/0/4 mtu 9192 
set interfaces ge-6/0/4 unit 0 family inet address 14.1.1.1/24 
set interfaces ge-6/0/5 mtu 9192 
set interfaces ge-6/0/5 unit 0 family inet address 15.1.1.1/24 
set interfaces ge-6/0/6 mtu 9192 
set interfaces ge-6/0/6 unit 0 family inet address 16.1.1.1/24 
set interfaces ge-6/0/7 mtu 9192 
set interfaces ge-6/0/7 unit 0 family inet address 17.1.1.1/24 


Device 2 


set interfaces ge-6/0/0 mtu 9192 
set interfaces ge-6/0/0 unit 0 family inet address 10.1.1.2/24 
set interfaces ge-6/0/1 mtu 9192 
set interfaces ge-6/0/1 unit 0 family inet address 11.1.1.2/24 
set interfaces ge-6/0/2 mtu 9192 
set interfaces ge-6/0/2 unit 0 family inet address 12.1.1.2/24 
set interfaces ge-6/0/3 mtu 9192 
set interfaces ge-6/0/3 unit 0 family inet address 13.1.1.2/24 
set interfaces ge-6/0/4 mtu 9192 
set interfaces ge-6/0/4 unit 0 family inet address 14.1.1.2/24 
set interfaces ge-6/0/5 mtu 9192 
set interfaces ge-6/0/5 unit 0 family inet address 15.1.1.2/24 
set interfaces ge-6/0/6 mtu 9192 
set interfaces ge-6/0/6 unit 0 family inet address 16.1.1.2/24 
set interfaces ge-6/0/7 mtu 9192 
set interfaces ge-6/0/7 unit 0 family inet address 17.1.1.2/24 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure the interfaces on Device 1: 


1. Configure the interface. 


[edit] 
user@host# edit interfaces ge-6/0/0


2. Assign the maximum transmission unit value for the interface. 


[edit interfaces ge-6/0/0] 
user@host# set mtu 9192 


3. Add the logical interface. 


[edit interfaces ge-6/0/0] 
user@host# set unit 0 family inet address 10.1.1.1/24 


NOTE: Repeat these steps for the remaining seven ports on Device 1. 


Step-by-Step Procedure 


To configure the interfaces on Device 2: 


1. Configure the interface. 


[edit] 
user@host# edit interfaces ge-6/0/0 


2. Assign the maximum transmission unit value for the interface. 


[edit interfaces ge-6/0/0] 
user@host# set mtu 9192 


3. Add the logical interface. 


[edit interfaces ge-6/0/0] 
user@host# set unit 0 family inet address 10.1.1.2/24


NOTE: Repeat these steps for the remaining seven ports on Device 2. 


Results 


From configuration mode, confirm your configuration by entering the show interfaces command. If the
output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


Device 1 


[edit]
user@host# show interfaces
ge-6/0/0 {
    mtu 9192;
    unit 0 {
        family inet {
            address 10.1.1.1/24;
        }
    }
}
ge-6/0/1 {
    mtu 9192;
    unit 0 {
        family inet {
            address 11.1.1.1/24;
        }
    }
}
ge-6/0/2 {
    mtu 9192;
    unit 0 {
        family inet {
            address 12.1.1.1/24;
        }
    }
}
ge-6/0/3 {
    mtu 9192;
    unit 0 {
        family inet {
            address 13.1.1.1/24;
        }
    }
}
ge-6/0/4 {
    mtu 9192;
    unit 0 {
        family inet {
            address 14.1.1.1/24;
        }
    }
}
ge-6/0/5 {
    mtu 9192;
    unit 0 {
        family inet {
            address 15.1.1.1/24;
        }
    }
}
ge-6/0/6 {
    mtu 9192;
    unit 0 {
        family inet {
            address 16.1.1.1/24;
        }
    }
}
ge-6/0/7 {
    mtu 9192;
    unit 0 {
        family inet {
            address 17.1.1.1/24;
        }
    }
}

Device 2 


[edit]
user@host# show interfaces
ge-6/0/0 {
    mtu 9192;
    unit 0 {
        family inet {
            address 10.1.1.2/24;
        }
    }
}
ge-6/0/1 {
    mtu 9192;
    unit 0 {
        family inet {
            address 11.1.1.2/24;
        }
    }
}
ge-6/0/2 {
    mtu 9192;
    unit 0 {
        family inet {
            address 12.1.1.2/24;
        }
    }
}
ge-6/0/3 {
    mtu 9192;
    unit 0 {
        family inet {
            address 13.1.1.2/24;
        }
    }
}
ge-6/0/4 {
    mtu 9192;
    unit 0 {
        family inet {
            address 14.1.1.2/24;
        }
    }
}
ge-6/0/5 {
    mtu 9192;
    unit 0 {
        family inet {
            address 15.1.1.2/24;
        }
    }
}
ge-6/0/6 {
    mtu 9192;
    unit 0 {
        family inet {
            address 16.1.1.2/24;
        }
    }
}
ge-6/0/7 {
    mtu 9192;
    unit 0 {
        family inet {
            address 17.1.1.2/24;
        }
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Verification 


IN THIS SECTION 


Verifying the Hardware was Properly Installed
Verifying the FPC Status
Verifying Interface Link Status on Device 1
Verifying the Interface Settings on Device 1
Verifying Interface Link Status on Device 2
Verifying the Interface Settings on Device 2


Confirm that the configuration is working properly. 


Verifying the Hardware was Properly Installed 


Purpose 
Verify that the 8-Port Gigabit Ethernet SFP XPIM is installed on the device. 


Action 


From operational mode, enter the show chassis hardware command.


user@host> show chassis hardware detail 


Hardware inventory:
Item             Version  Part number   Serial number   Description
Chassis                                 AJ3009AA0001    SRX650
Midplane         REV 08   EOS OAS iio   AAAK0059
System IO        REV 08   7 MO> OAS 209 AAAJ9290        SRXSME System IO
Routing Engine   REV ees  THO-O2 3225   AAAJ1987        RE-SRXSME-SRE6
  ad0    2000 MB  CF 2GB 2009A          0000194075      Compact Flash
  usb0 (addr 1)  DWC OTG root hub 0     vendor 0x0000   uhub0
  usb0 (addr 2)  product 0x005a 90      vendor 0x0409   uhub1
FPC 0                                                   FPC
  PIC 0                                                 4x GE Base PIC
FPC 1            REV 03   THO=0S82 90   AADL2016        FPC
FPC 5                                                   FPC
  PIC 0                                                 8x GE SFP gPIM
FPC 6            REV 03   750-037551    AAEC8065        FPC
  PIC 0                                                 8x GE SFP gPIM
    Xcvr 0       REV 01   740-013111    8043353         Swe = 1
    Xcvr 1                NON-JNPR      PC6020W         SFP-SX
    Xcvr 2                NON-JNPR      BDS31           SFP-1000BASE-BX10-D
    Xcvr 3       REV 01   TAGS OIG Ne2  9XT702501080    SIMD Ike!
    Xcvr 4       REV 01   740-011612    Pee TO 2 SiO) 1.0) 7S) FSD dole
    Xcvr 5                NON-JNPR      PCH2GTJ         SFP-SX
    Xcvr 6                NON-JNPR      PC604DL         Sine’ —1Spx<
    Xcvr 7       REV 01   740-011620    5349504         SFP-FX
FPC 8            REV 00   THOS OS 321910                FPC
Power Supply 0


Meaning 


The output displays the hardware details of the device and a list of all interfaces configured. 
Verify that the output contains the following values: 


• FPC 5, PIC 0—8x SFP gPIM
• FPC 6, PIC 0—8x SFP gPIM


NOTE: In the example, the output for 8-Port SFP Gigabit Ethernet XPIM is displayed as 8x GE
SFP gPIM.


Verifying the FPC Status 


Purpose 


Verify that the status of the Flexible PIC Concentrator is online. 


Action 


From operational mode, enter the show chassis fpc pic-status command. 


user@host> show chassis fpc pic-status


Slot 0   Online       FPC
  PIC 0  Online       4x GE Base PIC
Slot 1   Present      FPC
Slot 5   Online       FPC
  PIC 0  Online       8x GE SFP gPIM
Slot 6   Online       FPC
  PIC 0  Online       8x GE SFP gPIM
Slot 8   Present      FPC


Meaning 


The output shows the FPC status for slot 5 and slot 6 as online. The 8-Port Gigabit Ethernet SFP XPIM is 
installed in slot 5 and slot 6 of the device. 


Verifying Interface Link Status on Device 1 


Purpose 


Verify that the interface link status is up. 


Action 


From operational mode, enter the show interface terse ge-6/0/* command. 


user@host> show interface terse ge-6/0/* 


Output for Device 1


Interface               Admin Link Proto    Local                 Remote
ge-6/0/0                up    up
ge-6/0/0.0              up    up   inet     10.1.1.1/24
ge-6/0/1                up    up
ge-6/0/1.0              up    up   inet     11.1.1.1/24
ge-6/0/2                up    up
ge-6/0/2.0              up    up   inet     12.1.1.1/24
ge-6/0/3                up    up
ge-6/0/3.0              up    up   inet     13.1.1.1/24
ge-6/0/4                up    up
ge-6/0/4.0              up    up   inet     14.1.1.1/24
ge-6/0/5                up    up
ge-6/0/5.0              up    up   inet     15.1.1.1/24
ge-6/0/6                up    up
ge-6/0/6.0              up    up   inet     16.1.1.1/24
ge-6/0/7                up    up
ge-6/0/7.0              up    up   inet     17.1.1.1/24


Meaning


The output displays a list of all interfaces configured.


If the link displays up for all interfaces, the configuration is working properly. This verifies that the XPIM
is up and end-to-end ping is working.


Verifying the Interface Settings on Device 1 


Purpose 


Verify that the interfaces are configured as expected. 


Action 


From operational mode, enter the show interface ge-6/0/0 extensive | no-more command. 


user@host> show interface ge-6/0/0 extensive | no-more


Output for Device 1


Physical interface: ge-6/0/0, Enabled, Physical link is Up
  Interface index: 152, SNMP ifIndex: 544, Generation:
  Link-level type: Ethernet, MTU: 9192, Link-mode: Full-duplex, Speed: 1000mbps,
  BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
  Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x0
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 00:26:88:04:0a:a8, Hardware address: 00:26:88:04:0a:a8
  Last flapped   : AOU2=-O7-O05 Bie hseae, iw (@WOesilSes29 Aco)
  Statistics last cleared: Never
  Traffic statistics:
   Input bytes   :                  228                    0 bps
   Output bytes  :                  540                    0 bps
   Input packets :                                         0 pps
   Output packets:                                         0 pps
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
    L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
    FIFO errors: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
    FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
  Egress queues: 8 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    0 best-effort                    5                    3                    0
    1 expedited-fo                   0                    0                    0
    2 assured-forw                   0                    0                    0
    3 network-cont                   0                    0                    0
  Queue number:         Mapped forwarding classes
    0                   best-effort
    1                   expedited-forwarding
    2                   assured-forwarding
    3                   network-control
  Active alarms  : None
  Active defects : None
  MAC statistics:                      Receive         Transmit
    Total octets
    Total packets
    Unicast packets
    Broadcast packets
    Multicast packets
    CRC/Align errors
    FIFO errors
    MAC control frames
    MAC pause frames
    Oversized frames
    Jabber frames
    Fragment frames
    VLAN tagged frames
    Code violations
  Filter statistics:
    Input packet count
    Input packet rejects
    Input DA rejects                         0
    Input SA rejects                         0
    Output packet count
    Output packet pad count
    Output packet error count
    CAM destination filters: 2, CAM source filters: 0
  Autonegotiation information:
    Negotiation status: Complete
    Link partner:
        Link mode: Full-duplex, Flow control: None, Remote fault: OK,
        Link partner Speed: 1000 Mbps
    Local resolution:
        Flow control: None, Remote fault: Link OK
  Packet Forwarding Engine configuration:
    Destination slot: 6
  CoS information:
    Direction : Output
    CoS transmit queue               Bandwidth               Buffer Priority   Limit
                              %            bps     %           usec
    0 best-effort            95      950000000    95              0      low    none
    3 network-control         5       50000000     5              0      low    none
  Interface transmit statistics: Disabled

  Logical interface ge-6/0/0.0 (Index 81) (SNMP ifIndex 509) (Generation 146)
    Flags: SNMP-Traps 0x0 Encapsulation: ENET2
    Traffic statistics:
     Input bytes   :                    0
     Output bytes  :                   42
     Input packets :                    0
     Output packets:                    1
    Local statistics:
     Input bytes   :
     Output bytes  :                   42
     Input packets :
     Output packets:                    1
    Transit statistics:
     Input bytes   :                    0                    0 bps
     Output bytes  :                    0                    0 bps
     Input packets :                    0                    0 pps
     Output packets:                    0                    0 pps
    Security: Zone: HOST
    Allowed host-inbound traffic : any-service bfd bgp dvmrp igmp ldp msdp nhrp
    ospf ospf3 pgm pim rip ripng router-discovery rsvp sap vrrp
    Flow Statistics :
    Flow Input statistics :
      Self packets :
      ICMP packets :
      VPN packets :
      Multicast packets :
      Bytes permitted by policy :
      Connections established :
    Flow Output statistics:
      Multicast packets :                0
      Bytes permitted by policy :        0
    Flow error statistics (Packets dropped due to):
      Address spoofing:                  0
      Authentication failed:
      Incoming NAT errors:
      Invalid zone received packet:
      Multiple user authentications:
      Multiple incoming NAT:
      No parent for a gate:
      No one interested in self packets:
      No minor session:
      No more sessions:
      No NAT gate:
      No route present:
      No SA for incoming SPI:
      No tunnel found:
      No session for a gate:
      No zone or NULL zone binding
      Policy denied:
      Security association not active:
      TCP sequence number out of window:
      Syn-attack protection:
      User authentication errors:
    Protocol inet, MTU: 9178, Generation: 162, Route table: 0
      Flags: Sendbcast-pkt-to-re
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 10.1.1/24, Local: 10.1.1.1, Broadcast: 10.1.1.255,
        Generation: 176


Meaning 


The output displays a list of all interface verification parameters. 


Verify the following information in the command output: 


• Physical Interface—ge-6/0/0, enabled, physical link is Up
• MTU—9192
• Speed—1000 Mbps

If the verification parameters are as expected, the configuration is working properly. 


Verifying Interface Link Status on Device 2 


Purpose 


Verify that the interface link status is up. 


Action 


From operational mode, enter the show interface terse ge-6/0/* command. 


user@host> show interface terse ge-6/0/*


Output for Device 2


Interface               Admin Link Proto    Local                 Remote
ge-6/0/0                up    up
ge-6/0/0.0              up    up   inet     10.1.1.2/24
ge-6/0/1                up    up
ge-6/0/1.0              up    up   inet     11.1.1.2/24
ge-6/0/2                up    up
ge-6/0/2.0              up    up   inet     12.1.1.2/24
ge-6/0/3                up    up
ge-6/0/3.0              up    up   inet     13.1.1.2/24
ge-6/0/4                up    up
ge-6/0/4.0              up    up   inet     14.1.1.2/24
ge-6/0/5                up    up
ge-6/0/5.0              up    up   inet     15.1.1.2/24
ge-6/0/6                up    up
ge-6/0/6.0              up    up   inet     16.1.1.2/24
ge-6/0/7                up    up
ge-6/0/7.0              up    up   inet     17.1.1.2/24


Meaning


The output displays a list of all interfaces configured.


If the link displays up for all interfaces, the configuration is working properly. This verifies that the XPIM
is up and end-to-end ping is working.


Verifying the Interface Settings on Device 2 


Purpose 


Verify that the interfaces are configured as expected. 


Action 
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From operational mode, enter the show interface ge-6/0/0 extensive | no-more command. 


user@host> show interface ge-6/0/0 extensive | no-more

Output for Device 2

Physical interface: ge-6/0/0, Enabled, Physical link is Up
  Interface index: 144, SNMP ifIndex: 520, Generation: 147
  Link-level type: Ethernet, MTU: 9192, Link-mode: Full-duplex, Speed: 1000mbps,
  BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
  Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x0
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: , Hardware address:
  Last flapped   :
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :                  228                    0 bps
   Output bytes  :                  294                    0 bps
   Input  packets:                    3                    0 pps
   Output packets:                    3                    0 pps
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
    L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
    FIFO errors: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 13, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
    FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
  Egress queues: 8 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    0 best-effort                    3                    3                    0
    1 expedited-fo                   0                    0                    0
    2 assured-forw                   0
    3 network-cont                   0
  Queue number:         Mapped forwarding classes
    0                   best-effort
    1                   expedited-forwarding
    2                   assured-forwarding
    3                   network-control
  Active alarms  : None
  Active defects : None
  MAC statistics:                      Receive         Transmit
    Total octets
    Total packets
    Unicast packets
    Broadcast packets
    Multicast packets
    CRC/Align errors
    FIFO errors
    MAC control frames
    MAC pause frames
    Oversized frames
    Jabber frames
    Fragment frames
    VLAN tagged frames
    Code violations
  Filter statistics:
    Input packet count
    Input packet rejects
    Input DA rejects
    Input SA rejects
    Output packet count
    Output packet pad count
    Output packet error count
    CAM destination filters: 2, CAM source filters: 0
  Autonegotiation information:
    Negotiation status: Complete
    Link partner:
        Link mode: Full-duplex, Flow control: None, Remote fault: OK,
        Link partner Speed: 1000 Mbps
    Local resolution:
        Flow control: None, Remote fault: Link OK
  Packet Forwarding Engine configuration:
    Destination slot:
  CoS information:
    Direction : Output
    CoS transmit queue               Bandwidth               Buffer Priority   Limit
                              %            bps     %           usec
    0 best-effort            95      950000000    95              0      low    none
    3 network-control         5       50000000     5              0      low    none
  Interface transmit statistics: Disabled

  Logical interface ge-6/0/0.0 (Index 73) (SNMP ifIndex 509) (Generation 146)
    Flags: SNMP-Traps 0x0 Encapsulation: ENET2
    Traffic statistics:
     Input  bytes  :
     Output bytes  :
     Input  packets:
     Output packets:
    Local statistics:
     Input  bytes  :
     Output bytes  :
     Input  packets:
     Output packets:
    Transit statistics:
     Input  bytes  :                                       0 bps
     Output bytes  :                                       0 bps
     Input  packets:                                       0 pps
     Output packets:                                       0 pps
    Security: Zone: HOST
    Allowed host-inbound traffic : any-service bfd bgp dvmrp igmp ldp msdp nhrp
    ospf ospf3 pgm pim rip ripng router-discovery rsvp sap vrrp
    Flow Statistics :
    Flow Input statistics :
      Self packets :                     0
      ICMP packets :                     0
      VPN packets :                      0
      Multicast packets :                0
      Bytes permitted by policy :        0
      Connections established :          0
    Flow Output statistics:
      Multicast packets :                0
      Bytes permitted by policy :        0
    Flow error statistics (Packets dropped due to):
      Address spoofing:                  0
      Authentication failed:             0
      Incoming NAT errors:               0
      Invalid zone received packet:
      Multiple user authentications:
      Multiple incoming NAT:
      No parent for a gate:
      No one interested in self packets:
      No minor session:
      No more sessions:
      No NAT gate:
      No route present:
      No SA for incoming SPI:
      No tunnel found:
      No session for a gate:
      No zone or NULL zone binding
      Policy denied:
      Security association not active:
      TCP sequence number out of window:
      Syn-attack protection:
      User authentication errors:
    Protocol inet, MTU: 9178, Generation: 162, Route table: 0
      Flags: Sendbcast-pkt-to-re
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 10.1.1/24, Local: 10.1.1.2, Broadcast: 10.1.1.255,
        Generation: 176


Meaning 


The output displays a list of all interface verification parameters. 
Verify the following information in the command output: 


• Physical Interface—ge-6/0/0, enabled, physical link is Up
• MTU—9192
• Speed—1000 Mbps


If the verification parameters are as expected, the configuration is working properly. 


Release History Table 


Release Description 


15.1X49-D10 Starting in Junos OS Release 15.1X49-D10, the 8-Port Gigabit Ethernet SFP XPIM is 
not supported on legacy SRX Series systems. 


Port Speed on SRX Series Devices


SUMMARY

Learn about port speeds, support for multiple port speeds, and how to configure port speed on SRX Series devices.

IN THIS SECTION

SRX4600 Port Speed Overview


SRX4600 Port Speed Overview


Table 23 on page 292 presents the details of SRX4600 port speeds. 


Table 23: Port Speed Details and Description

Port Location            Number and Type of Ports       Supported Speeds
FPC0, PIC0 (ports 0-3)   4 chassis cluster ports:       • 10 Gbps (default)
                         • 2 fabric (FAB)               • 1 Gbps (only on CTL ports)
                         • 2 control (CTL)
FPC1, PIC0 (ports 0-3)   4 100GbE QSFP28 ports or       At port or PIC level:
                         40GbE QSFP+ ports              • 40 Gbps (default), with QSFP+ optics
                                                        • 100 Gbps, with QSFP28 optics
FPC1, PIC1 (ports 0-7)   8 10GbE SFP+ ports             • 10 Gbps (default)
                                                        • 1 Gbps

Follow these guidelines when you configure the speed of a port:

• You need to reboot the chassis cluster for configuration changes (from 10 Gbps to 1 Gbps) to take effect. For more details, see speed (Chassis Cluster).

• To configure all 40GbE ports use the set chassis fpc 1 pic 0 pic-mode 10G statement.

• To set only the first two 40GbE ports use the set chassis fpc 1 pic 0 pic-mode 10G number-of-ports 2 statement. This configuration sets only the first two 40-Gigabit Ethernet ports and disables the last two ports. You need to reboot the device for the configuration to take effect.

• You can channelize each 40GbE port into four 10GbE interfaces by using QSFPP-4X10-GbE optics, using suitable breakout cables, and the speed configuration statement.

• Use the speed (Gigabit Ethernet interface) configuration to set 1-Gbps speed. 1-Gbps speed is supported only in non-autonegotiation mode. If autonegotiation mode is enabled by default at the remote end, then you must disable it.

• You can configure the interface that is already operating in 10GbE mode to operate in 1GbE mode.

• To prevent oversubscription, configure the number of active ports operating at the configured speed by using the number-of-ports statement. The SRX4600 supports a maximum speed of 400 Gbps; the speed cannot be oversubscribed.

• If you try to commit an invalid configuration, the configuration gets committed, but the port is not activated. This is because Junos OS allows you to configure a port before a line card is inserted. You will get an error message in the output of the show chassis alarms command and also in the log messages. For example, configuring four 100GbE interfaces with eight 10GbE interfaces is invalid.

• The SRX4600 does not support copper SFP transceivers.

For information about interface-naming formats for channelized and nonchannelized interfaces and how to configure SRX Series devices at port level and PIC level, see Port Speed.


For more information about SRX4600 devices, see SRX4600 Services Gateway Hardware Guide. 


For information about platforms support, see hardware compatibility tool (HCT). 


To view the port speeds on each PIC, execute the show chassis pic command. 


Interface Naming Conventions 


Table 24 on page 294 describes interface naming convention for a 40GbE interface channelized as four 
10GbE interfaces: 


Table 24: SRX4600 Interface Naming Convention

Interface Type   Example
4x10GbE          When the 40GbE port et-1/0/0 is channelized into four 10GbE interfaces,
                 the channelized interfaces are named as follows:
                 xe-1/0/0:0
                 xe-1/0/0:1
                 xe-1/0/0:2
                 xe-1/0/0:3


Supported Active Physical Ports on SRX4600 to Prevent Oversubscription 


In this scenario, you can configure the port as an active port by using the number-of-ports statement. 


Table 25 on page 294 summarizes the SRX4600 active ports with number-of-ports and port speed configured at PIC-level.

Table 25: SRX4600 Port Speed at PIC level

                           Active Ports at PIC Level
PIC     Number of Ports    10-Gigabit Ethernet       40-Gigabit Ethernet   100-Gigabit Ethernet
PIC 0   0                  -                         -                     -
        1                  0                         0                     0
        2                  0, 1                      0, 1                  0, 1
        3                  0, 1, 2                   0, 1, 2               0, 1, 2
        4                  0, 1, 2, 3                0, 1, 2, 3            0, 1, 2, 3
PIC 1   0                  -                         -                     -
        1                  0                         -                     -
        2                  0, 1                      -                     -
        3                  0, 1, 2                   -                     -
        4                  0, 1, 2, 3                -                     -
        5                  0, 1, 2, 3, 4             -                     -
        6                  0, 1, 2, 3, 4, 5          -                     -
        7                  0, 1, 2, 3, 4, 5, 6       -                     -
        8                  0, 1, 2, 3, 4, 5, 6, 7    -                     -


Table 26 on page 295 summarizes the maximum number of Gigabit Ethernet ports at PIC and port levels:

Table 26: Maximum Number of Gigabit Ethernet ports at PIC and Port Level

Port Type   Maximum Number of Ports at PIC Mode           Maximum Ports Configurable at Port Mode
            (on PIC0 and PIC1)                            (on PIC0 and PIC1)
10GbE       24                                            20
            16 ports from PIC 0 and 8 ports from PIC 1.   Refers to 12 ports from PIC 0 and 8
                                                          ports from PIC 1.
40GbE       4                                             4
            Only 4 ports from PIC 0. PIC 1 supports
            only 10-Gbps speed.
100GbE      4                                             4
            Only 4 ports from PIC 0. PIC 1 supports
            only 10-Gbps speed.


For information about oversubscription, see Port Speed.

SEE ALSO

Port Speed
speed
show chassis pic
number-of-ports
pic-mode


Configuring Power over Ethernet


IN THIS SECTION

Understanding Power over Ethernet
Example: Configuring PoE on an Individual Interface
Example: Configuring PoE on All Interfaces
Example: Disabling a PoE Interface


Power over Ethernet (PoE) is the implementation of the IEEE 802.3 AF and IEEE 802.3 AT standards that 
allow both data and electrical power to pass over a copper Ethernet LAN cable. The topics below discuss 
the overview and configuration details of PoE, and disabling a PoE interface on security devices. 


| Understanding Power over Ethernet 


IN THIS SECTION

• SRX Series Services Gateway PoE Specifications
• PoE Classes and Power Ratings
• PoE Options

Power over Ethernet (PoE) is the implementation of the IEEE 802.3 AF and IEEE 802.3 AT standards that allow both data and electrical power to pass over a copper Ethernet LAN cable.

The SRX Series devices support PoE on Ethernet ports. PoE ports transfer electrical power and data to remote devices over standard twisted-pair cable in an Ethernet network. PoE ports allow you to plug in devices that require both network connectivity and electrical power, such as VoIP and IP phones and wireless LAN access points.

You can configure the SRX Series device to act as power sourcing equipment (PSE), supplying power to powered devices that are connected on designated ports.


This topic contains the following sections: 


SRX Series Services Gateway PoE Specifications 


Table 27 on page 297 lists the PoE specifications for the SRX210, SRX220, SRX240, SRX320, SRX650, and 
SRX550 M devices. (Platform support depends on the Junos OS release in your installation.) 


Table 27: PoE Specifications for the SRX210, SRX220, SRX240, SRX320, and SRX650 Devices

Specifications: Supported standards
  For SRX210 Device:
    • IEEE 802.3 AF
    • Legacy (pre-standard)
  For SRX220 Device, SRX240 Device, SRX320 PoE Device, SRX550M device, and SRX650 Device:
    • IEEE 802.3 AF
    • IEEE 802.3 AT (PoE+)
    • Legacy (pre-standard)

Specifications: Supported ports
  For SRX210 Device:      Supported on two Gigabit Ethernet ports and two Fast Ethernet ports
                          (ge-0/0/0, ge-0/0/1, fe-0/0/2, and fe-0/0/3).
  For SRX220 Device:      Supported on all 8 Gigabit Ethernet ports (ge-0/0/0 to ge-0/0/7).
  For SRX240 Device:      Supported on all 16 Gigabit Ethernet ports (ge-0/0/0 to ge-0/0/15).
  For SRX320 PoE Device:  Supported on all 6 Copper (RJ45) Gigabit Ethernet ports
                          (ge-0/0/0 to ge-0/0/5).
  For SRX550M device:     Supported on 16GE-POE xPIM card
  For SRX650 Device:      Supported on the following ports:
                          • Slot 2 or 6 on 16 Gigabit Ethernet ports
                            • ge-2/0/0 to ge-2/0/15
                            • ge-6/0/0 to ge-6/0/15
                          • Slot 2 or 6 on 24 Gigabit Ethernet ports
                            • ge-2/0/0 to ge-2/0/23
                            • ge-6/0/0 to ge-6/0/23

Specifications: Total PoE power sourcing capacity
  For SRX210 Device:      50 W
  For SRX220 Device:      120 W
  For SRX240 Device:      150 W
  For SRX320 PoE Device:  180 W
  For SRX550M device and SRX650 Device:
    The 645 watts AC and 645 watts DC power supplies support the following capacities:
    • 250 watts on a single power supply, or with redundancy using the two-power-supply option.
    • 500 watts with the two-power-supply option operating as nonredundant.

Specifications: Default per port power limit
  For SRX210 Device:      15.4 W
  For SRX220 Device:      15.4 W
  For SRX240 Device:      15.4 W
  For SRX320 PoE Device:  30 W
  For SRX550M device:     15.4 W
  For SRX650 Device:      15.4 W

Specifications: Maximum per port power limit
  For SRX210 Device:      30 W
  For SRX220 Device:      30 W
  For SRX240 Device:      30 W
  For SRX320 PoE Device:  30 W
  For SRX550M device:     30 W
  For SRX650 Device:      30 W

Specifications: Power management modes
  For SRX210 Device, SRX220 Device, SRX240 Device, SRX320 PoE Device, SRX550M device, and SRX650 Device:
    • Static: Power allocated for each interface can be configured.
    • Class: Power allocated for interfaces is based on the class of powered device connected.


PoE Classes and Power Ratings


A powered device is classified based on the maximum power that it draws across all input voltages and operational modes. When class-based power management mode is configured on the SRX Series devices, power is allocated taking into account the maximum power ratings defined for the different classes of devices.


Table 28 on page 300 lists the classes and their power ratings as specified by the IEEE standards. 


Table 28: SRX Series Devices PoE Specifications

Class   Usage      Minimum Power Levels Output from PoE Port
0       Default    15.4 W
1       Optional   4.0 W
2       Optional   7.0 W
3       Optional   15.4 W
4       Reserved   Class 4 power devices are eligible to receive power up to 30 W
                   according to IEEE standards.


PoE Options 


When configuring PoE, you must enable the PoE interface in order for the port to provide power to a 
connected, powered device. In addition, you can configure the following PoE features: 


Port priority—Sets port priority. When it is not possible to maintain power to all connected ports, lower priority ports are powered off before higher priority ports. When a new device is connected on a higher-priority port, a lower priority port will be powered off automatically if available power is insufficient to power on the higher priority port. (For the ports with the same priority configuration, ports on the left are given higher priority than the ports on the right.)


Maximum available wattage power available to a port—Sets the maximum amount of power that can be supplied to the port. The default wattage per port is 15.4 watts.


PoE power consumption logging—Allows logging of per-port PoE power consumption. The telemetries section must be explicitly specified to enable logging. If left unspecified, telemetries is disabled by default. The default telemetry duration is 1 hour. The default telemetry interval is 5 minutes.


PoE power management mode—Has two modes:


• Class—When a powered device is connected to a PoE port, the power allocated to it is equal to the maximum power for the class as defined by the IEEE standards.


• Static—When a powered device is connected to a PoE port, the power allocated to it is equal to the maximum power configured for the port.


Reserve power—Reserves the specified amount of power for the gateway in case of a spike in PoE consumption. The default is 0.
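
The priority, management-mode and reserve-power rules above can be checked against a planned port layout before it is committed. The following Python sketch is an added example, not code from this guide or from Junos OS. It assumes the guard band is subtracted from the total sourcing capacity and that every port ranked after the first one that does not fit stays unpowered; the names Port, demand_mw and allocate are hypothetical.

```python
"""Simplified model of the PoE allocation rules described above (added example)."""
from dataclasses import dataclass

# Class power ratings from Table 28, in milliwatts (integers avoid float rounding).
CLASS_POWER_MW = {0: 15_400, 1: 4_000, 2: 7_000, 3: 15_400, 4: 30_000}
PRIORITY_RANK = {"high": 0, "low": 1}  # lower rank is served first


@dataclass(frozen=True)
class Port:
    """One PoE port (hypothetical structure, not a Junos object)."""
    index: int                   # physical position; a lower index is further left
    priority: str = "low"
    max_power_mw: int = 15_400   # per-port limit used in static mode (default 15.4 W)
    pd_class: int = 0            # class of the connected powered device


def demand_mw(port: Port, mode: str) -> int:
    """Power reserved for a port under the given management mode."""
    if mode == "static":
        return port.max_power_mw            # configured maximum for the port
    if mode == "class":
        return CLASS_POWER_MW[port.pd_class]  # maximum for the device class
    raise ValueError(f"unknown management mode: {mode!r}")


def allocate(ports, capacity_mw: int, guard_band_mw: int = 0, mode: str = "static"):
    """Decide which ports stay powered.

    Assumption: budget = capacity - guard band. Ports are ranked by priority,
    then left to right; once one port does not fit, it and all lower-ranked
    ports are shed, so a low-priority port never displaces a high-priority one.
    """
    budget = capacity_mw - guard_band_mw
    if budget < 0:
        raise ValueError("guard band exceeds the PoE sourcing capacity")
    for port in ports:
        if port.priority not in PRIORITY_RANK:
            raise ValueError(f"unknown priority on port {port.index}: {port.priority!r}")
    order = sorted(ports, key=lambda p: (PRIORITY_RANK[p.priority], p.index))
    powered, shed, used = [], [], 0
    for pos, port in enumerate(order):
        need = demand_mw(port, mode)
        if used + need > budget:
            shed = [p.index for p in order[pos:]]
            break
        used += need
        powered.append(port.index)
    return {"powered": powered, "shed": shed,
            "allocated_mw": used, "headroom_mw": budget - used}


if __name__ == "__main__":
    # Constructed scenario: 150 W capacity (SRX240 in Table 27), 15 W guard band,
    # ten connected devices, the right-most port raised to high priority.
    ports = [Port(i, "high" if i == 9 else "low", pd_class=i % 5) for i in range(10)]
    for mode in ("static", "class"):
        print(mode, allocate(ports, 150_000, 15_000, mode))
```

In static mode every port reserves its configured maximum regardless of what the device draws, so the same ten devices that fit all but one port in class mode lose two ports in static mode.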


SEE ALSO 


Understanding Ethernet Interfaces
Example: Configuring PoE on All Interfaces
Example: Configuring PoE on an Individual Interface
Example: Disabling a PoE Interface


| Example: Configuring PoE on an Individual Interface 


IN THIS SECTION

Requirements
Overview
Configuration
Verification


This example shows how to configure PoE on an individual interface. 


Requirements 


Before you begin: 


• Configure Ethernet interfaces. See “Example: Creating an Ethernet Interface” on page 208.


• Configure PoE on all interfaces. See “Example: Configuring PoE on All Interfaces” on page 306.


Overview 


This example shows how to configure PoE on the ge-0/0/0 interface. In this example, you set the power 
port priority to high and the maximum power available to a port to 15.4 watts. Then you enable the PoE 
power consumption logging with the default telemetries settings, and you set the PoE management mode 
to static. Finally, you set the reserved power to 15 watts in case of a spike in PoE consumption. 


Configuration 


CLI Quick Configuration 

To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set poe interface ge-0/0/0 priority high maximum-power 15.4 telemetries 


set poe management static guard-band 15 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see the Junos OS CLI User Guide. 


To configure PoE: 


1. Enable PoE.


[edit]
user@host# edit poe interface ge-0/0/0


2. Set the power port priority.


[edit poe interface ge-0/0/0]
user@host# set priority high


3. Set the maximum PoE wattage available for a port.


[edit poe interface ge-0/0/0]
user@host# set maximum-power 15.4


4. Enable logging of PoE power consumption.


[edit poe interface ge-0/0/0]
user@host# set telemetries


5. Set the PoE management mode.


[edit]
user@host# set poe management static


6. Reserve power wattage in case of a spike in PoE consumption.


[edit]
user@host# set poe guard-band 15


Results 
From configuration mode, confirm your configuration by entering the show poe interface ge-0/0/0 command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.


[edit]
user@host# show poe interface ge-0/0/0
priority high;
maximum-power 15.4;
telemetries;


If you are done configuring the device, enter commit from configuration mode. 


Verification 


IN THIS SECTION

• Verifying the Status of PoE Interfaces
• Verifying the Telemetry Data (History) for the Specified Interface
• Verifying PoE Global Parameters


Confirm that the configuration is working properly. 


Verifying the Status of PoE Interfaces 


Purpose 

Verify that the PoE interfaces on the device are enabled and set to the desired priority settings. (The device 
used in this example is the SRX240 or SRX340 Services Gateway, depending on the Junos OS release in 
the installation.) 


Action 
From operational mode, enter the show poe interface ge-0/0/1 command. 


user@host> show poe interface ge-0/0/1 


PoE interface status:
PoE interface                : ge-0/0/1
Administrative status        : Enabled
Operational status           : Powered-up
Power limit on the interface : 15.4 W
Priority                     : High
Power consumed               : 6.6 W
Class of power device        : 0


The show poe interface ge-0/0/1 command lists PoE interfaces configured on the SRX340 device, with 
their status, priority, power consumption, and class. 


Verifying the Telemetry Data (History) for the Specified Interface 


Purpose 


Verify the PoE interface's power consumption over a specified period. 


Action 


From operational mode, enter the show poe telemetries interface command. 


For all records: 


user@host> show poe telemetries interface ge-0/0/1 all 


Sl No    Timestamp                    Power      Voltage
1        Fri Jan 04 11:41:15 2009     5.1 W      47.3 V
2        Fri Jan 04 11:40:15 2009     5.1 W      47.3 V
3        Fri Jan 04 11:39:15 2009     5.1 W      47.3 V
4        Fri Jan 04 11:38:15 2009     0.0 W       0.0 V
5        Fri Jan 04 11:37:15 2009     0.0 W       0.0 V
6        Fri Jan 04 11:36:15 2009     6.6 W      47.2 V
7        Fri Jan 04 11:35:15 2009     6.6 W      47.2 V


For a specific number of records:


user@host> show poe telemetries interface ge-0/0/1 5


Sl No    Timestamp                    Power      Voltage
1        Fri Jan 04 11:31:15 2009     6.6 W      47.2 V
2        Fri Jan 04 11:30:15 2009     6.6 W      47.2 V
3        Fri Jan 04 11:29:15 2009     6.6 W      47.2 V
4        Fri Jan 04 11:28:15 2009     6.6 W      47.2 V
5        Fri Jan 04 11:27:15 2009     6.6 W      47.2 V


The telemetry status displays the power consumption history for the specified interface, provided telemetry has been configured for that interface.


Verifying PoE Global Parameters


Purpose 


Verify global parameters such as guard band, power limit, and power consumption. 


Action 


From operational mode, enter the show poe controller command. 


user@host> show poe controller 


Controller   Maximum    Power          Guard band   Management
index        power      consumption
0            150.0 W    0.0 W          0 W          Static


The show poe controller command lists the global parameters configured on the SRX Series device such 
as controller index, maximum power, power consumption, guard band, and management mode along with 
their status. 


| Example: Configuring PoE on All Interfaces


This example shows how to configure PoE on all interfaces.


Requirements


Before you begin, configure Ethernet interfaces. See “Example: Creating an Ethernet Interface” on page 208.


Overview


This example shows how to configure PoE on all interfaces on a device. In this example, you set the power port priority to low and the maximum power available to a port to 15.4 watts. Then you enable the PoE power consumption logging with the default telemetries settings, and you set the PoE management mode to static. Finally, you set the reserved power consumption to 15 watts in case of a spike in PoE consumption.


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set poe interface all priority low maximum-power 15.4 telemetries 
set poe management static guard-band 15 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see the Junos OS CLI User Guide. 


To configure PoE on all interfaces: 


1. Enable PoE. 


[edit] 
user@host# edit poe interface all 


2. Set the power port priority. 


[edit poe interface all] 
user@host# set priority low 


3. Set the maximum PoE wattage available for a port. 


[edit poe interface all] 
user@host# set maximum-power 15.4 


4. Enable logging of PoE power consumption. 


[edit poe interface all] 
user@host# set telemetries 


5. Set the PoE management mode. 


[edit] 
user@host# set poe management static 


6. Reserve power wattage in case of a spike in PoE consumption. 


[edit] 
user@host# set poe guard-band 15 


Results 


From configuration mode, confirm your configuration by entering the show poe interface all command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit] 
user@host# show poe interface all 
priority low; 
maximum-power 15.4; 
telemetries; 


If you are done configuring the device, enter commit from configuration mode. 


Verification 


Confirm that the configuration is working properly.


Verifying the Status of PoE Interfaces


Purpose


Verify that the PoE interfaces on the device are enabled and set to the desired priority settings. (The device used here is the SRX340 Services Gateway.)


Action


From operational mode, enter the show poe interface all command.


user@host> show poe interface all


Interface   Admin status   Oper status   Max power   Priority   Power consumption   Class
ge-0/0/0    Enabled        Searching     15.4W       Low        0.0W                0
ge-0/0/1    Enabled        Powered-up    15.4W       High       6.6W                0
ge-0/0/2    Disabled       Disabled      15.4W       Low        0.0W                0
ge-0/0/3    Disabled       Disabled      15.4W       Low        0.0W                0





The show poe interface all command lists PoE interfaces configured on the SRX320 PoE device, including 
information on status, priority, power consumption, and class. This output shows that the device has four 
PoE interfaces of which two are enabled with default values. One port has a device connected that is 
drawing power within expected limits. 


SEE ALSO 


Understanding Power over Ethernet
Example: Configuring PoE on an Individual Interface
Example: Disabling a PoE Interface


| Example: Disabling a PoE Interface


This example shows how to disable PoE on all interfaces or on a specific interface.


Requirements


Before you begin:


• Configure PoE on all interfaces. See “Example: Configuring PoE on All Interfaces” on page 306.


• Configure PoE on an individual interface. See “Example: Configuring PoE on an Individual Interface” on page 302.


Overview 


In this example, you disable PoE on all interfaces and on a specific interface, which in this case is ge-0/0/0. 


Configuration 


Step-by-Step Procedure 


To disable PoE on interfaces: 


1. Disable PoE on all interfaces. 


[edit] 
user@host# set poe interface all disable 


2. Disable PoE on a specific interface.


[edit]
user@host# set poe interface ge-0/0/0 disable


3. If you are done configuring the device, commit the configuration.


[edit]
user@host# commit


Verification 


To verify the configuration is working properly, enter the show poe interface command. 


CHAPTER


Configuring Interface Encapsulation


Interface Encapsulation Overview
Configuring GRE Keepalive Time
Configuring Point-to-Point Protocol over Ethernet


Interface Encapsulation Overview


IN THIS SECTION

Understanding Physical Encapsulation on an Interface
Understanding Frame Relay Encapsulation on an Interface
Understanding Point-to-Point Protocol
Understanding High-Level Data Link Control


The topics below give an overview of physical encapsulation, Frame Relay encapsulation, Point-to-Point Protocol, and High-Level Data Link Control.


| Understanding Physical Encapsulation on an Interface 


Encapsulation is the process by which a lower level protocol accepts a message from a higher level protocol 
and places it in the data portion of the lower level frame. As a result, datagrams transmitted through a 
physical network have a sequence of headers: the first header for the physical network (or Data Link Layer) 
protocol, the second header for the Network Layer protocol (IP, for example), the third header for the 
Transport Layer protocol, and so on. 


The following encapsulation protocols are supported on physical interfaces: 


• Frame Relay Encapsulation. See “Understanding Frame Relay Encapsulation on an Interface” on page 313.

• Point-to-Point Protocol. See “Understanding Point-to-Point Protocol” on page 315.

• Point-to-Point Protocol over Ethernet. See “Understanding Point-to-Point Protocol over Ethernet” on page 343.

• High-Level Data Link Control. See “Understanding High-Level Data Link Control” on page 318.


SEE ALSO 


Understanding Interfaces


| Understanding Frame Relay Encapsulation on an Interface


IN THIS SECTION

• Virtual Circuits
• Switched and Permanent Virtual Circuits
• Data-Link Connection Identifiers
• Congestion Control and Discard Eligibility


The Frame Relay packet-switching protocol operates at the Physical Layer and Data Link Layer in a network to optimize packet transmissions by creating virtual circuits between hosts. Figure 17 on page 313 shows a typical Frame Relay network.


Figure 17: Frame Relay Network


Figure 17 on page 313 shows multiple paths from Host A to Host B. In a typical routed network, traffic is 
sent from device to device with each device making routing decisions based on its own routing table. In 
a packet-switched network, the paths are predefined. Devices switch a packet through the network 
according to predetermined next-hops established when the virtual circuit is set up. 


This topic contains the following sections:


Virtual Circuits


A virtual circuit is a bidirectional path between two hosts in a network. Frame Relay virtual circuits are 
logical connections between two hosts that are established either by a call setup mechanism or by an 
explicit configuration. 


A virtual circuit created through a call setup mechanism is known as a switched virtual circuit (SVC). A 
virtual circuit created through an explicit configuration is called a permanent virtual circuit (PVC). 


Switched and Permanent Virtual Circuits 


Before data can be transmitted across an SVC, a signaling protocol like ISDN must set up a call by the 
exchange of setup messages across the network. When a connection is established, data is transmitted 
across the SVC. After data transmission, the circuit is torn down and the connection is lost. For additional 
traffic to pass between the same two hosts, a subsequent SVC must be established, maintained, and 
terminated. 


Because PVCs are explicitly configured, they do not require the setup and teardown of SVCs. Data can 
be switched across the PVC whenever a host is ready to transmit. SVCs are useful in networks where data 
transmission is sporadic and a permanent circuit is not needed. 


Data-Link Connection Identifiers 


An established virtual circuit is identified by a data-link connection identifier (DLCI). The DLCI is a value 
from 16 through 1022. (Values 1 through 15 are reserved.) The DLCI uniquely identifies a virtual circuit 
locally so that devices can switch packets to the appropriate next-hop address in the circuit. Multiple paths 
that pass through the same transit devices have different DLCIs and associated next-hop addresses.


Congestion Control and Discard Eligibility 


Frame Relay uses the following types of congestion notification to control traffic within a Frame Relay
network. Each is controlled by a single bit in the Frame Relay header.


• Forward explicit congestion notification (FECN)
• Backward explicit congestion notification (BECN)


Traffic congestion is typically defined in the buffer queues on a device. When the queues reach a predefined 
level of saturation, traffic is determined to be congested. When traffic congestion occurs in a virtual circuit, 
the device experiencing congestion sets the congestion bits in the Frame Relay header to 1. As a result, 
transmitted traffic has the FECN bit set to 1, and return traffic on the same virtual circuit has the BECN 
bit set to 1.


When the FECN and BECN bits are set to 1, they provide a congestion notification to the source and
destination devices. The devices can respond in either of two ways: to control traffic on the circuit by 
sending it through other routes, or to reduce the load on the circuit by discarding packets. 


If devices discard packets as a means of congestion (flow) control, Frame Relay uses the discard eligibility 
(DE) bit to give preference to some packets in discard decisions. A DE value of 1 indicates that the frame 
is of lower importance than other frames and more likely to be dropped during congestion. Critical data 
(such as signaling protocol messages) without the DE bit set is less likely to be dropped. 
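
The DLCI, FECN, BECN, and DE fields described above all sit in the two-octet Frame Relay address field. The following parser is an added example, not code from this guide; the bit positions follow the standard two-octet (Q.922) address layout, which the guide does not spell out, and the sample frames are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class FrameRelayAddress:
    dlci: int    # 10-bit data-link connection identifier
    cr: bool     # command/response bit, passed through unchanged by the network
    fecn: bool   # forward explicit congestion notification
    becn: bool   # backward explicit congestion notification
    de: bool     # discard eligibility

    @property
    def in_documented_range(self) -> bool:
        # The guide gives 16 through 1022 as the DLCI range for virtual circuits.
        return 16 <= self.dlci <= 1022


def parse_address(frame: bytes) -> FrameRelayAddress:
    """Decode the first two octets of a frame (assumed 2-octet address format)."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the 2-octet address field")
    first, second = frame[0], frame[1]
    # EA (extended address) is the low bit of each octet: 0 = more follows, 1 = last.
    if (first & 0x01) or not (second & 0x01):
        raise ValueError("not a 2-octet address field (unexpected EA bits)")
    dlci = ((first >> 2) << 4) | (second >> 4)
    return FrameRelayAddress(
        dlci=dlci,
        cr=bool(first & 0x02),
        fecn=bool(second & 0x08),
        becn=bool(second & 0x04),
        de=bool(second & 0x02),
    )


def build_address(dlci: int, *, cr: bool = False, fecn: bool = False,
                  becn: bool = False, de: bool = False) -> bytes:
    """Encode an address field; used here only to construct sample frames."""
    if not 0 <= dlci <= 0x3FF:
        raise ValueError("DLCI must fit in 10 bits")
    first = ((dlci >> 4) << 2) | (0x02 if cr else 0)
    second = (((dlci & 0x0F) << 4) | (0x08 if fecn else 0) | (0x04 if becn else 0)
              | (0x02 if de else 0) | 0x01)
    return bytes([first, second])


def congestion_report(frames: Iterable[bytes]) -> Dict[int, Dict[str, int]]:
    """Count FECN, BECN, and DE markings per DLCI across received frames."""
    report: Dict[int, Dict[str, int]] = {}
    for raw in frames:
        addr = parse_address(raw)
        entry = report.setdefault(addr.dlci, {"frames": 0, "fecn": 0, "becn": 0, "de": 0})
        entry["frames"] += 1
        entry["fecn"] += addr.fecn
        entry["becn"] += addr.becn
        entry["de"] += addr.de
    return report


def drop_candidates(frames: Iterable[bytes]) -> List[bytes]:
    """Order frames so that DE=1 frames are discarded first under congestion."""
    return sorted(frames, key=lambda raw: 0 if parse_address(raw).de else 1)


# Constructed sample traffic: two virtual circuits, one reporting congestion.
SAMPLE_FRAMES = [
    build_address(100, fecn=True) + b"data",
    build_address(100, fecn=True, de=True) + b"bulk",
    build_address(200, becn=True) + b"ack",
    build_address(200) + b"data",
]

if __name__ == "__main__":
    for dlci, counts in sorted(congestion_report(SAMPLE_FRAMES).items()):
        print(dlci, counts)
```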


| Understanding Point-to-Point Protocol 


IN THIS SECTION 


Link Control Protocol
PPP Authentication
Network Control Protocols
Magic Numbers
CSU/DSU Devices


The Point-to-Point Protocol (PPP) is an encapsulation protocol for transporting IP traffic across 
point-to-point links. PPP is made up of three primary components: 


• Link Control Protocol (LCP)—Establishes working connections between two points.
• Authentication protocol—Enables secure connections between two points.
• Network control protocol (NCP)—Initializes the PPP protocol stack to handle multiple Network Layer
protocols, such as IPv4, IPv6, and Connectionless Network Protocol (CLNP).


This topic contains the following sections: 


Link Control Protocol 


LCP is responsible for establishing, maintaining, and tearing down a connection between two endpoints. 
LCP also tests the link and determines whether it is active. LCP establishes a point-to-point connection 
as follows: 


1. LCP must first detect a clocking signal on each endpoint. However, because the clocking signal can be 
generated by a network clock and shared with devices on the network, the presence of a clocking signal 
is only a preliminary indication that the link might be functioning. 


2. When a clocking signal is detected, a PPP host begins transmitting PPP Configure-Request packets. 


3. If the remote endpoint on the point-to-point link receives the Configure-Request packet, it transmits 
a Configure-Acknowledgement packet to the source of the request. 


4. After receiving the acknowledgement, the initiating endpoint identifies the link as established. At the 
same time, the remote endpoint sends its own request packets and processes the acknowledgement 
packets. In a functioning network, both endpoints treat the connection as established. 


During connection establishment, LCP also negotiates connection parameters such as FCS and HDLC 
framing. By default, PPP uses a 16-bit FCS, but you can configure PPP to use either a 32-bit FCS or a 0-bit
FCS (no FCS). Alternatively, you can enable HDLC encapsulation across the PPP connection. 


After a connection is established, PPP hosts generate Echo-Request and Echo-Response packets to maintain 
a PPP link. 


PPP Authentication 


PPP’s authentication layer uses a protocol to help ensure that the endpoint of a PPP link is a valid device. 
Authentication protocols include the Password Authentication Protocol (PAP), the Extensible Authentication 
Protocol (EAP), and the Challenge Handshake Authentication Protocol (CHAP). CHAP is the most commonly 
used. 


NOTE: User IDs and passwords that use the full ASCII character set are supported through
RFC 2486.


You can enable or disable RFC 2486 support under the PPP options. RFC 2486 support is
disabled by default. To enable it globally, use the set access ppp-options compliance rfc 2486
command.


CHAP ensures secure connections across PPP links. After a PPP link is established by LCP, the PPP hosts 
at either end of the link initiate a three-way CHAP handshake. Two separate CHAP handshakes are required 
before both sides identify the PPP link as established. 


CHAP configuration requires each endpoint on a PPP link to use a shared secret (password) to authenticate 
challenges. The shared secret is never transmitted over the wire. Instead, the hosts on the PPP connection 
exchange information that enables both to determine that they share the same secret. Challenges consist 
of a hash function calculated from the secret, a numeric identifier, and a randomly chosen challenge value 
that changes with each challenge. If the response value matches the challenge value, authentication is
successful. Because the secret is never transmitted and is required to calculate the challenge response, 
CHAP is considered very secure. 


PAP authentication protocol uses a simple two-way handshake to establish identity. PAP is used after the 
link establishment phase (LCP up), during the authentication phase. Junos OS can support PAP in one 
direction (egress or ingress), and CHAP in the other. 
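
The CHAP exchange described above, run in both directions, is sketched below as an added example that is not part of this guide. It assumes the MD5 response calculation from RFC 1994 (the guide does not name the hash function); the class names and secrets are hypothetical.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5 CHAP: hash of the identifier octet, the secret, and the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """The side that issues challenges and checks responses."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._next_id = 0
        self._pending: Dict[int, bytes] = {}

    def challenge(self) -> Tuple[int, bytes]:
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        value = os.urandom(16)              # fresh random value for every challenge
        self._pending[identifier] = value
        return identifier, value

    def verify(self, identifier: int, response: bytes) -> bool:
        value = self._pending.pop(identifier, None)   # each challenge is single-use
        if value is None:
            return False
        expected = chap_response(identifier, self._secret, value)
        return hmac.compare_digest(expected, response)


class ChapPeer:
    """The side that proves knowledge of the secret without sending it."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def respond(self, identifier: int, challenge: bytes) -> bytes:
        return chap_response(identifier, self._secret, challenge)


def authenticate(authenticator: ChapAuthenticator, peer: ChapPeer) -> bool:
    identifier, value = authenticator.challenge()      # 1. Challenge
    response = peer.respond(identifier, value)         # 2. Response
    return authenticator.verify(identifier, response)  # 3. Success or Failure


def mutual_chap(secret_a: bytes, secret_b: bytes) -> bool:
    """Two separate handshakes: each endpoint challenges the other."""
    a_accepts_b = authenticate(ChapAuthenticator(secret_a), ChapPeer(secret_b))
    b_accepts_a = authenticate(ChapAuthenticator(secret_b), ChapPeer(secret_a))
    return a_accepts_b and b_accepts_a


def replay_is_rejected(secret: bytes) -> bool:
    """A response captured from one handshake does not satisfy a later one."""
    authenticator, peer = ChapAuthenticator(secret), ChapPeer(secret)
    identifier, value = authenticator.challenge()
    captured = peer.respond(identifier, value)
    if not authenticator.verify(identifier, captured):
        return False
    replay_same_id = authenticator.verify(identifier, captured)
    new_identifier, _ = authenticator.challenge()
    replay_new_challenge = authenticator.verify(new_identifier, captured)
    return not replay_same_id and not replay_new_challenge


if __name__ == "__main__":
    print("matching secrets:", mutual_chap(b"constructed-secret", b"constructed-secret"))
    print("mismatched secrets:", mutual_chap(b"constructed-secret", b"other-secret"))
    print("replay rejected:", replay_is_rejected(b"constructed-secret"))
```

Both the challenge and the response cross the link in the clear, so the protection rests on the shared secret being long and random and on the challenge value never repeating.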


Network Control Protocols 


After authentication is completed, the PPP connection is fully established. At this point, any higher level 
protocols (for example, IP protocols) can initialize and perform their own negotiations and authentication. 


PPP NCPs include support for the following protocols. IPCP and IPv6CP are the most widely used on SRX 
Series devices. 


• IPCP—IP Control Protocol
• IPv6CP—IPv6 Control Protocol
• OSINLCP—OSI Network Layer Control Protocol (includes IS-IS, ES-IS, CLNP, and IDRP)


Magic Numbers 


Hosts running PPP can create “magic” numbers for diagnosing the health of a connection. A PPP host 
generates a random 32-bit number and sends it to the remote endpoint during LCP negotiation and echo 
exchanges. 


In a typical network, each host's magic number is different. A magic number mismatch in an LCP message 
informs a host that the connection is not in loopback mode and traffic is being exchanged bidirectionally. 
If the magic number in the LCP message is the same as the configured magic number, the host determines 
that the connection is in loopback mode, with traffic looped back to the transmitting host. 


Looping traffic back to the originating host is a valuable way to diagnose network health between the host 
and the loopback location. To enable loopback testing, telecommunications equipment typically supports 
channel service unit/data service unit (CSU/DSU) devices. 


CSU/DSU Devices 


A channel service unit (CSU) connects a terminal to a digital line. A data service unit (DSU) performs
protective and diagnostic functions for a telecommunications line. Typically, the two devices are packaged
as a single unit. A CSU/DSU device is required for both ends of a T1 or T3 connection, and the units at
both ends must be set to the same communications standard.


A CSU/DSU device enables frames sent along a link to be looped back to the originating host. Receipt of
the transmitted frames indicates that the link is functioning correctly up to the point of loopback. By
configuring CSU/DSU devices to loop back at different points in a connection, network operators can
diagnose and troubleshoot individual segments in a circuit.


| Understanding High-Level Data Link Control 


IN THIS SECTION 


HDLC Stations
HDLC Operational Modes


High-Level Data Link Control (HDLC) is a bit-oriented, switched and nonswitched link-layer protocol. 
HDLC is widely used because it supports half-duplex and full-duplex connections, point-to-point and 
point-to-multipoint networks, and switched and nonswitched channels. 


This topic contains the following sections: 


HDLC Stations 


Nodes within a network running HDLC are called stations. HDLC supports three types of stations for data
link control:


• Primary stations—Responsible for controlling the secondary and combined other stations on the link.
Depending on the HDLC mode, the primary station is responsible for issuing acknowledgement packets
to allow data transmission from secondary stations.

• Secondary stations—Controlled by the primary station. Under normal circumstances, secondary stations
cannot control data transmission across the link with the primary station, are active only when requested
by the primary station, and can respond to the primary station only (not to other secondary stations).
All secondary station frames are response frames.

• Combined stations—A combination of primary and secondary stations. On an HDLC link, all combined
stations can send and receive commands and responses without any permission from any other stations
on the link and cannot be controlled by any other station.


HDLC Operational Modes


HDLC runs in three separate modes:


• Normal Response Mode (NRM)—The primary station on the HDLC link initiates all information transfers
with secondary stations. A secondary station on the link can transmit a response of one or more
information frames only when it receives explicit permission from the primary station. When the last
frame is transmitted, the secondary station must wait for explicit permission before it can transmit more
frames.

NRM is used most widely for point-to-multipoint links, in which a single primary station controls many
secondary stations.

• Asynchronous Response Mode (ARM)—The secondary station can transmit either data or control traffic
at any time, without explicit permission from the primary station. The primary station is responsible for
error recovery and link setup, but the secondary station can transmit information at any time.

ARM is used most commonly with point-to-point links, because it reduces the overhead on the link by
eliminating the need for control packets.

• Asynchronous Balance Mode (ABM)—All stations are combined stations. Because no other station can
control a combined station, all stations can transmit information without explicit permission from any
other station. ABM is not a widely used HDLC mode.


Configuring GRE Keepalive Time 


IN THIS SECTION 


Understanding GRE Keepalive Time
Configuring GRE Keepalive Time
Example: GRE Configuration
Example: Configuring GRE over IPsec Tunnels
Example: Configuring a GRE Tunnel When the Tunnel Destination Is in a Routing Instance


Generic routing encapsulation (GRE) tunnel interfaces do not have a built-in mechanism for detecting 
when a tunnel is down. Keepalive messages help the GRE tunnel interfaces to detect when a tunnel is 
down. The topics below discuss the working and configuration of GRE keepalive time.


| Understanding GRE Keepalive Time


Generic routing encapsulation (GRE) tunnel interfaces do not have a built-in mechanism for detecting 
when a tunnel is down. You can enable keepalive messages to serve as the detection mechanism. 


Keepalive times are only configurable for the ATM-over-ADSL interface, which is no longer supported on 
SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550MM starting in Junos OS Release 15.1X49-D10. 
Keepalive times are enabled by default for other interfaces. 


Keepalives can be configured on the physical or on the logical interface. If configured on the physical 
interface, keepalives are sent on all logical interfaces that are part of the physical interface. If configured 
on an individual logical interface, keepalives are only sent to that logical interface. In addition to configuring
a keepalive, you must configure the hold time. 


You can configure the keepalives on a generic routing encapsulation (GRE) tunnel interface by including 
both the keepalive-time statement and the hold-time statement at the [edit protocols oam gre-tunnel 
interface interface-name] hierarchy level. 


NOTE: For proper operation of keepalives on a GRE interface, you must also include the family 
inet statement at the [edit interfaces interface-name unit unit] hierarchy level. If you do not 
include this statement, the interface is marked as down. 


SEE ALSO 


keepalive-time 
hold-time 


Configuring GRE Keepalive Time 


IN THIS SECTION 


Configuring Keepalive Time and Hold time for a GRE Tunnel Interface
Display GRE Keepalive Time Configuration
Display Keepalive Time Information on a GRE Tunnel Interface


Keepalive times are only configurable for the ATM-over-ADSL interface, which is no longer supported on
SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550MM starting in Junos OS Release 15.1X49-D10. 


Configuring Keepalive Time and Hold time for a GRE Tunnel Interface


You can configure the keepalives on a generic routing encapsulation (GRE) tunnel interface by including
both the keepalive-time statement and the hold-time statement at the [edit protocols oam gre-tunnel
interface interface-name] hierarchy level.


NOTE: For proper operation of keepalives on a GRE interface, you must also include the family 
inet statement at the [edit interfaces interface-name unit unit] hierarchy level. If you do not 
include this statement, the interface is marked as down. 


To configure a GRE tunnel interface: 


1. Configure the GRE tunnel interface at [edit interfaces interface-name unit unit-number] hierarchy level, 
where the interface name is gr-x/y/z, and the family is set as inet. 


user@host# set interfaces interface-name unit unit-number family family-name 


2. Configure the rest of the GRE tunnel interface options as required.


To configure keepalive time for a GRE tunnel interface: 


1. Configure the Operation, Administration, and Maintenance (OAM) protocol at the [edit protocols] 
hierarchy level for the GRE tunnel interface. 


[edit] 
user@host# edit protocols oam 


2. Configure the GRE tunnel interface option for OAM protocol. 


[edit protocols oam] 
user@host# edit gre-tunnel interface interface-name 


3. Configure the keepalive time from 1 through 50 seconds for the GRE tunnel interface. 


[edit protocols oam gre-tunnel interface interface-name] 
user@host# set keepalive-time seconds


4. Configure the hold time from 5 through 250 seconds. Note that the hold time must be at least twice
the keepalive time.


[edit protocols oam gre-tunnel interface interface-name] 
user@host# set hold-time seconds 


Display GRE Keepalive Time Configuration 


Purpose 
Display the configured keepalive time value as 10 and hold time value as 30 on a GRE tunnel interface 
(for example, gr-1/1/10.1): 


Action 
To display the configured values on the GRE tunnel interface, run the show oam gre-tunnel command at
the [edit protocols] hierarchy level:


[edit protocols]
user@host# show oam gre-tunnel
interface gr-1/1/10.1 {
    keepalive-time 10;
    hold-time 30;
}


Display Keepalive Time Information on a GRE Tunnel Interface 


Purpose 
Display the current status information of a GRE tunnel interface when keepalive time and hold time
parameters are configured on it and when the hold time expires.


Action 

To verify the current status information on a GRE tunnel interface (for example, gr-3/3/0.3), run the show 
interfaces gr-3/3/0.3 terse and show interfaces gr-3/3/0.3 extensive operational commands. 

show interfaces gr-3/3/0.3 terse


user@host> show interfaces gr-3/3/0.3 terse
Interface               Admin Link Proto    Local                 Remote
gr-3/3/0.3              up    up   inet     200.1.3.1/24
                                   mpls


show interfaces gr-3/3/0.3 extensive


user@host> show interfaces gr-3/3/0.3 extensive
  Logical interface gr-3/3/0.3 (Index 73) (SNMP ifIndex 594) (Generation 900)
    Flags: Point-To-Point SNMP-Traps 0x4000
    IP-Header 10.1.19.11:10.1.19.12:47:df:64:0000000000000000 Encapsulation: GRE-NULL
    Gre keepalives configured: On, Gre keepalives adjacency state: down
    Traffic statistics:
     Input  bytes  : [illegible]
     Output bytes  : [illegible]
     Input  packets: 243813
     Output packets: 179476
    Local statistics:
     Input  bytes  : [illegible]
     Output bytes  : [illegible]
     Input  packets: 238890
     Output packets: 174767
    Transit statistics:
     Input  bytes  : 307406 0 bps
     Output bytes  : 290914 0 bps
     Input  packets: 4923 0 pps
     Output packets: 4709 0 pps
    Protocol inet, MTU: 1476, Generation: 1564, Route table: 0
      Flags: Sendbcast-pkt-to-re
      Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
        Destination: 200.1.3/24, Local: 200.1.3.1, Broadcast: 200.1.3.255, Generation: 1566
    Protocol mpls, MTU: 1464, Maximum labels: 3, Generation: 1565, Route table: 0

NOTE: When the hold time expires:

• The GRE tunnel will stay up even though the interface cannot send or receive traffic.
• The Link status will be Up and the Gre keepalives adjacency state will be Down.


Meaning 
The current status information of a GRE tunnel interface with keepalive time and hold time parameters is 
displayed as expected when the hold time expires. 
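
Because the link stays Up after the hold time expires, monitoring that watches only link state misses a tunnel that has stopped passing traffic. The following check is an added example, not part of this guide: it validates a show oam gre-tunnel stanza against the limits given above and flags logical interfaces whose keepalive adjacency is down. The function names are hypothetical, and the sample text is constructed from the output formats shown in this topic.

```python
import re
from typing import Dict, List, Optional

KEEPALIVE_RANGE = range(1, 51)    # keepalive time: 1 through 50 seconds
HOLD_RANGE = range(5, 251)        # hold time: 5 through 250 seconds

STANZA = re.compile(r"interface\s+(\S+)\s*\{([^}]*)\}")
LOGICAL = re.compile(r"^\s*Logical interface (\S+)", re.M)
KEEPALIVE_STATE = re.compile(
    r"Gre keepalives configured:\s*(\w+),\s*Gre\s+keepalives adjacency state:\s*(\w+)",
    re.I,
)


def _int_setting(body: str, key: str) -> Optional[int]:
    match = re.search(r"\b" + re.escape(key) + r"\s+(\d+)\s*;", body)
    return int(match.group(1)) if match else None


def check_keepalive_config(config: str) -> Dict[str, List[str]]:
    """Return the problems found for each interface stanza (empty list = valid)."""
    findings: Dict[str, List[str]] = {}
    for name, body in STANZA.findall(config):
        problems: List[str] = []
        keepalive = _int_setting(body, "keepalive-time")
        hold = _int_setting(body, "hold-time")
        if keepalive is None:
            problems.append("keepalive-time is not configured")
        elif keepalive not in KEEPALIVE_RANGE:
            problems.append(f"keepalive-time {keepalive} is outside 1 through 50")
        if hold is None:
            problems.append("hold-time is not configured")
        elif hold not in HOLD_RANGE:
            problems.append(f"hold-time {hold} is outside 5 through 250")
        if keepalive is not None and hold is not None and hold < 2 * keepalive:
            problems.append(f"hold-time {hold} is less than twice keepalive-time {keepalive}")
        findings[name] = problems
    return findings


def stale_tunnels(extensive_output: str) -> List[str]:
    """Logical interfaces with keepalives On whose adjacency state is down."""
    parts = LOGICAL.split(extensive_output)   # [preamble, name, text, name, text, ...]
    stale = []
    for name, text in zip(parts[1::2], parts[2::2]):
        match = KEEPALIVE_STATE.search(text)
        if match and match.group(1).lower() == "on" and match.group(2).lower() == "down":
            stale.append(name)
    return stale


# Constructed sample input.
SAMPLE_CONFIG = """
interface gr-1/1/10.1 {
    keepalive-time 10;
    hold-time 30;
}
interface gr-1/1/10.2 {
    keepalive-time 20;
    hold-time 30;
}
interface gr-1/1/10.3 {
    keepalive-time 60;
}
"""

SAMPLE_STATUS = """
  Logical interface gr-3/3/0.3 (Index 73) (SNMP ifIndex 594) (Generation 900)
    Flags: Point-To-Point SNMP-Traps 0x4000
    Gre keepalives configured: On, Gre keepalives adjacency state: down
  Logical interface gr-3/3/0.4 (Index 74) (SNMP ifIndex 595) (Generation 901)
    Flags: Point-To-Point SNMP-Traps 0x4000
    Gre keepalives configured: On, Gre keepalives adjacency state: up
"""

if __name__ == "__main__":
    for interface, problems in check_keepalive_config(SAMPLE_CONFIG).items():
        print(interface, problems or "ok")
    print("adjacency down:", stale_tunnels(SAMPLE_STATUS))
```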

| Example: GRE Configuration


Generic routing encapsulation (GRE) is an IP encapsulation protocol that is used to transport packets over 
a network. Information is sent from one network to the other through a GRE tunnel. GRE encapsulates a 
payload as a GRE packet. This GRE packet is encapsulated in an outer protocol (delivery protocol). GRE 
tunnel endpoints forward payloads into GRE tunnels for routing packets to the destination. After reaching 
the end point, GRE encapsulation is removed and the payload is transmitted to its final destination. The 
primary use of GRE is to carry non-IP packets through an IP network; however, GRE is also used to carry 
IP packets through an IP cloud. 


Requirements 


Configure a GRE (gr-) interface. The gr- interface contains a local address and destination address. It
comes up as soon as it is configured. You can even configure an IP address on the gr- interface.


Configure a route to reach the destination subnet (end-to-end connectivity). You can configure either 
a static route through the gr- interface or use an interior gateway protocol (IGP) such as OSPF. 


Overview 


GRE tunnels are designed to be completely stateless, which means that each tunnel endpoint does not 
keep any information about the state or availability of the remote tunnel endpoint. Normally, a GRE tunnel 
interface comes up as soon as it is configured, and it stays up as long as there is a valid tunnel source 
address or interface that is up.


Configuration


By default, the local subnet interface is ge-0/0/0 with IPv4 address as 10.10.11.1/24. The destination
subnet is 10.10.10.0/24 with the tunnel endpoint IPv4 interface as 10.10.10.1/24.


Figure 18 on page 326 shows the default configuration between the tunnel interfaces on SRX series devices.


Figure 18: GRE Configuration (topology diagram: SRX-1, SRX-2, and SRX-3 on the 1.1.1.0/24 and 2.2.2.0/24 subnets, with a GRE tunnel between the gr-0/0/0.0 interfaces)


Configuring a Route to Reach the Destination Subnet


Step-by-Step Procedure 


You can configure the route either as a static route through the gr- interface or by using an IGP.


1. Configure the local subnet interface ge-0/0/0.


[edit]
user@host# set interfaces ge-0/0/0 unit 0 family inet address 10.10.11.1/24


2. Configure the interface ge-0/0/1.


[edit]
user@host# set interfaces ge-0/0/1 unit 0 family inet address 1.1.1.1/24


3. Configure the gr- tunnel endpoints and specify the source address, destination address, and family as
inet for the tunnel endpoints.


[edit]
user@host# set interfaces gr-0/0/0 unit 0 tunnel source 1.1.1.1 destination 2.2.2.1
user@host# set interfaces gr-0/0/0 unit 0 family inet address 192.168.1.1/24


4. The configured interfaces are bound to a security zone at the [edit security] hierarchy level. Use the
show zones command to view the zones. Configure the zones as follows. These statements admit all
host-inbound services and protocols to keep the example short; in production, permit only the services
and protocols each zone needs.


[edit security zones security-zone trust]
user@host# set host-inbound-traffic system-services all
user@host# set host-inbound-traffic protocols all
user@host# set interfaces gr-0/0/0.0
user@host# set zones zone names protocols all


[edit security zones security-zone untrust]
user@host# set host-inbound-traffic system-services all
user@host# set host-inbound-traffic protocols all


5. View the configured interfaces at the [edit interfaces] hierarchy level using the show command. 


[edit]
user@host# set routing-options static route 10.10.10.0/24 next-hop gr-0/0/0.0


6. If you do not want to define a static route, you can configure OSPF between the gr-0/0/0 interfaces
on both sides, with the internal subnet as a passive neighbor, to receive all the internal routes. Configure
OSPF at the [edit protocols] hierarchy level and view it using the show command.


[edit]
user@host# set protocols ospf area 0.0.0.0 interface gr-0/0/0.0


Results 
In configuration mode, confirm your configuration on the devices by entering the show command. If the
output does not display the intended configuration, repeat the configuration instructions in this example
to correct it.


GRE configuration using the static route:


[edit interfaces]
root@SRX-1# show
ge-0/0/0 {
    unit 0 {
        family inet {
            address 10.10.11.1/24;
        }
    }
}
gr-0/0/0 {
    unit 0 {
        tunnel {
            source 1.1.1.1;
            destination 2.2.2.1;
        }
        family inet {
            address 192.168.1.1/24;
        }
    }
}
ge-0/0/1 {
    unit 0 {
        family inet {
            address 1.1.1.1/24;
        }
    }
}


[edit security]
root@SRX-1# show
zones {
    security-zone trust {
        host-inbound-traffic {
            system-services {
                all;
            }
            protocols {
                all;
            }
        }
        interfaces {
            gr-0/0/0.0;
        }
    }
}


root@SRX-1# show routing-options
static {
    route 10.10.10.0/24 next-hop gr-0/0/0.0;
}


GRE configuration using OSPF configured between interfaces gr-0/0/0 on both sides and internal subnet
as passive neighbor:


[edit protocols]
root@SRX-1# show
ospf {
    area 0.0.0.0 {
        interface gr-0/0/0.0;
        interface ge-0/0/0.0 {
            passive;
        }
    }
}

Verification 


IN THIS SECTION 


Verification of the GRE Interfaces
Verification of the Route
Verification of Traffic Through GRE Tunnel


To verify that the configuration of GRE on the SRX Series device is successful, perform the following tasks: 


Verification of the GRE Interfaces 


Purpose


Verify that the GRE interfaces are up.


Action


Run the show interfaces command at the [edit interfaces] hierarchy level:


show interfaces gr-0/0/0 terse


[edit interfaces]
Interface               Admin Link Proto    Local                 Remote
gr-0/0/0                up    up
gr-0/0/0.0              up    up   inet     192.168.1.1/24


Verification of the Route


Purpose 


Verify that the route for the destination network is reachable through the GRE tunnel interface. 


Action 


Run the show route forwarding-table matching 10.10.10.0/24 command at the [edit interfaces] hierarchy 
level: 


[edit interfaces]
user@router# run show route forwarding-table matching 10.10.10.0/24
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index         NhRef Netif
10.10.10.0/24      user     0                    ucst [illegible]       2 gr-0/0/0.0


Verification of Traffic Through GRE Tunnel 


Purpose 


Send the traffic to the destination subnet and verify when the GRE interface is up. 


Action 


Run the show interfaces gr-0/0/0 extensive operational command. Also verify that the packets are leaving 
through the gr- interface. 


user@host> show interfaces gr-0/0/0 extensive
Physical interface: gr-0/0/0, Enabled, Physical link is Up
  Interface index: 134, SNMP ifIndex: 40, Generation: 17
  Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: 800mbps
  Hold-times     : Up 0 ms, Down 0 ms
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps
  Statistics last cleared: [illegible]
  Traffic statistics:
   Input  bytes  : 8400 0 bps
   Output bytes  : 8400 0 bps
   Input  packets: 100 0 pps
   Output packets: 100 0 pps

  Logical interface gr-0/0/0.0 (Index 72) (SNMP ifIndex 28) (Generation 17)
    Flags: Point-To-Point SNMP-Traps 16384
    IP-Header [illegible] Encapsulation: GRE-NULL
    Traffic statistics:
     Input  bytes  : 8400
     Output bytes  : 8400
     Input  packets: 100
     Output packets: 100
    Local statistics:
     Input  bytes  : 0
     Output bytes  : 0
     Input  packets: 0
     Output packets: 0
    Transit statistics:
     Input  bytes  : 8400 0 bps
     Output bytes  : 8400 0 bps
     Input  packets: 100 0 pps
     Output packets: 100 0 pps
    Protocol inet, MTU: 1476, Generation: 25, Route table: 0
      Flags: None
      Addresses, Flags: Is-Primary
        Destination: Unspecified, Local: 100.1.1.1, Broadcast: Unspecified,
        Generation: 30


SEE ALSO 


Generic Routing Encapsulation (GRE) 


Understanding Generic Routing Encapsulation 


Verifying That Generic Routing Encapsulation Tunneling Is Working Correctly 


| Example: Configuring GRE over IPsec Tunnels 


Overview 


GRE tunnels offer minimal security, whereas an IPsec tunnel offers enhanced security in terms of 
confidentiality, data authentication, and integrity assurance. Also, IPsec cannot directly support multicast
packets. However, if an encapsulated GRE tunnel is used first, an IPsec tunnel can then be used to provide
security to the multicast packet. In a GRE over IPsec tunnel, all of the routing traffic (IP and non-IP) can
be routed through. When the original packet (IP/non-IP) is GRE encapsulated, it has an IP header as defined
by the GRE tunnel, normally the tunnel interface IP addresses. The IPsec protocol can understand the IP 
packet; so it encapsulates the GRE packet to make it GRE over IPsec. 


The basic steps involved in configuring GRE over IPsec are as follows: 


• Configure the route-based IPsec tunnel.
• Configure the GRE tunnel.
• Configure a static route with the destination as the remote subnet through the gr- interface.
• Configure the static route for the GRE endpoint with the st0 interface as next hop.


Configuration 


IN THIS SECTION 


Configuring a GRE interface over an IPsec tunnel
Results


In this example, the default configuration has the local subnet interface as ge-0/0/0 with the IPv4 address 
as 10.10.11.1/24. The destination subnet is 10.10.10.0/24. The gr-0/0/0 interface tunnel endpoints are 
loopback addresses on both the sides, with the local loopback IPv4 address as 172.20.1.1 and the remote 
loopback IPv4 address as 172.20.1.2. The gr-0/0/0, st0 and lo0 interfaces are bound to a security zone
and policies are created accordingly. Refer to Example: GRE Configuration for more information. 


Configuring a GRE interface over an IPsec tunnel 


Step-by-Step Procedure 


1. Configure the GRE at the [edit interfaces interface-name unit unit-number] hierarchy level, where the
interface name is ge-0/0/0, and the family is set as inet.


[edit]
user@host# set interfaces ge-0/0/0 unit 0 family inet address 10.10.11.1/24


2. Configure the gr- tunnel endpoints and specify the source address, destination address, and family as
inet for the tunnel endpoints.


[edit]
user@host# set interfaces gr-0/0/0 unit 0 tunnel source 172.20.1.1 destination 172.20.1.2
user@host# set interfaces gr-0/0/0 unit 0 family inet address 192.168.1.1/24


3. Similarly, configure the lo0 and st0 interfaces with the family set as inet.


[edit]
user@host# set interfaces lo0 unit 0 family inet address 172.20.1.1/32


[edit]
user@host# set interfaces st0 unit 0 family inet


4. Configure the GRE interfaces with security zones. Use the show zones command to view the zones,
where the configured tunnel interfaces, lo0 and st0, are displayed.


[edit security zones security-zone trust]
user@host# set host-inbound-traffic system-services all
user@host# set host-inbound-traffic protocols all
user@host# set interfaces gr-0/0/0.0
user@host# set zones zone names protocols all
user@host# set interfaces lo0.0
user@host# set interfaces st0.0


[edit security zones security-zone untrust]
user@host# set host-inbound-traffic system-services all
user@host# set host-inbound-traffic protocols all
user@host# set interfaces gr-0/0/0.0.1
user@host# set interfaces lo0.0
user@host# set interfaces st0.0


Results 


In configuration mode, confirm your interface configuration by entering the show command. The configured 
interfaces are bound to a security zone at the [edit security] hierarchy level. Use the show zones command 
to view the zones, where the configured interfaces (gr-, st0.0, and lo0) are displayed. If the output does
not display the intended configuration, repeat the configuration instructions in this example to correct it.


Parameters for configuring the GRE interfaces: 


user@host> show interfaces 
ge-0/0/0 { 
    unit 0 { 
        family inet { 
            address 10.10.11.1/24; 
        } 
    } 
} 
gr-0/0/0 { 
    unit 0 { 
        tunnel { 
            source 172.20.1.1; 
            destination 172.20.1.2; 
        } 
        family inet { 
            address 192.168.1.1/24; 
        } 
    } 
} 
lo0 { 
    unit 0 { 
        family inet { 
            address 172.20.1.1/32; 
        } 
    } 
} 
st0 { 
    unit 0 { 
        family inet; 
    } 
} 


[edit] 
root@Juniper# show 
routing-options { 
    static { 
        route 10.10.10.0/24 next-hop gr-0/0/0.0; 
        route 172.20.1.2/32 next-hop st0.0; 
    } 
} 


Parameters for configuring the GRE interfaces with security zones: 
[edit security] 
root@Juniper# show 
zones { 
    security-zone trust { 
        host-inbound-traffic { 
            system-services { 
                all; 
            } 
            protocols { 
                all; 
            } 
        } 
        interfaces { 
            gr-0/0/0.0; 
            lo0.0; 
            st0.0; 
        } 
    } 
} 


Verification 


Verification of the IPsec Tunnel 


Purpose 


Verify that the IPsec tunnel is up. 


Action 


Run the show security ike security-associations and show security ipsec security-associations 
commands. 


SEE ALSO 


Generic Routing Encapsulation (GRE) 
Understanding Generic Routing Encapsulation 


Verifying That Generic Routing Encapsulation Tunneling Is Working Correctly 
Example: Configuring a GRE Tunnel When the Tunnel Destination Is in a Routing Instance 


Overview 


You can configure a GRE tunnel when the tunnel destination is in a default routing instance or non-default 
routing instance. Configuration of a GRE tunnel requires defining the tunnel source and the tunnel 
destination addresses. If the tunnel destination is in a routing instance, and there is more than one routing 
instance present, you need to specify the correct routing instance and also the routing table to be used 
to reach the configured tunnel destination address. 


NOTE: The tunnel destination address is by default considered to be reachable using the default 
routing table "inet.0". 


Configuration 


IN THIS SECTION 


Configuring a GRE Tunnel When the Tunnel Destination Is in a Default Routing Instance 
Configuring a GRE Tunnel When the Tunnel Destination Is in a Non-default Routing Instance 
Results 


In this example, you configure a GRE tunnel between the gr- interfaces on SRX Series devices in 
two cases: when the tunnel destination is in a default routing instance and when the tunnel 
destination is in a non-default routing instance. 

Configuring a GRE Tunnel When the Tunnel Destination Is in a Default Routing Instance 


This example uses the default routing instance to reach the tunnel destination. Because of this, the routing 
table inet.0 is used by default. 


Step-by-Step Procedure 


1. Specify the source and destination address of the tunnel. 


[edit] 
user@host# set interfaces gr-0/0/0 unit 0 tunnel source 172.16.0.1 destination 10.10.1.2 
user@host# set interfaces gr-0/0/0 unit 0 family inet address 192.168.100.1/30 


2. Configure the ge- interface and lo0 interface with the family set as inet. 


[edit] 
user@host# set interfaces ge-0/0/0 unit 0 family inet address 172.30.73.56/24 
user@host# set interfaces lo0 unit 0 family inet address 172.16.0.1/32 


3. Configure the GRE tunnel interface for routing options as mentioned in the “GRE Configuration” on 
page 326 topic. 


Configuring a GRE Tunnel When the Tunnel Destination Is in a Non-default Routing Instance 


For a non-default routing instance, ensure that you have already configured the gr-0/0/0 interface. 


Step-by-Step Procedure 
1. Configure the GRE tunnel with the gr-0/0/0 interface and family set as inet. 


[edit] 
user@host# set interfaces gr-0/0/0 unit 0 family inet address 


2. Specify the source and destination address of the tunnel. 


[edit] 
user@host# set interfaces gr-0/0/0 unit 0 tunnel source 172.16.0.1 destination 10.10.1.2 
user@host# set interfaces gr-0/0/0 unit 0 family inet address 192.168.100.1/30 


3. Configure the ge- interface and lo0 interface with the family set as inet. 


[edit] 
user@host# set interfaces ge-0/0/0 unit 0 family inet address 172.30.73.56/24 
user@host# set interfaces lo0 unit 0 family inet address 172.16.0.1/32 


4. Configure the routing instances used for the tunnel interface. 


[edit] 
user@host# set routing-instances test instance-type virtual-router 
user@host# set routing-instances test routing-options static route 10.10.1.2/32 next-hop 172.30.73.57 
user@host# set routing-instances test interface ge-0/0/0.0 




5. Configure the routing-instance for GRE tunnel interfaces. 


[edit] 
user@host# set interfaces gr-0/0/0 unit 0 tunnel routing-instance destination test 


6. Add the static route for tunnel destination. 


[edit] 
user@host# set routing-options static route 10.10.1.2/32 next-table test.inet.0 


NOTE: When the SRX Series device is in packet mode, you do not need to configure a static 
route to make the tunnel destination reachable from inet.0. However, you still need to specify 
the correct routing instance under the gr-0/0/0 interface. 
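

One way to check a candidate configuration against steps 4 through 6 and the packet-mode note, as an added Python example (not Juniper code). The function names are hypothetical, the input is this procedure's set commands as entered from the [edit] level, and only static routes are considered.

```python
import ipaddress
import re

# Constructed input: the set commands from the non-default routing instance
# procedure above, written as they are entered from the [edit] level.
CONFIG = """\
set interfaces gr-0/0/0 unit 0 tunnel source 172.16.0.1 destination 10.10.1.2
set interfaces gr-0/0/0 unit 0 family inet address 192.168.100.1/30
set interfaces ge-0/0/0 unit 0 family inet address 172.30.73.56/24
set interfaces lo0 unit 0 family inet address 172.16.0.1/32
set routing-instances test instance-type virtual-router
set routing-instances test routing-options static route 10.10.1.2/32 next-hop 172.30.73.57
set routing-instances test interface ge-0/0/0.0
set interfaces gr-0/0/0 unit 0 tunnel routing-instance destination test
set routing-options static route 10.10.1.2/32 next-table test.inet.0
"""

TUNNEL = re.compile(r"set interfaces (gr-\S+) unit (\d+) tunnel (.+)")
INSTANCE = re.compile(r"set routing-instances (\S+) (.+)")
NEXT_TABLE = re.compile(r"set routing-options static route (\S+) next-table (\S+)")


def covers(prefixes, address):
    """Return True if any of the prefixes contains the address."""
    target = ipaddress.ip_address(address)
    return any(target in ipaddress.ip_network(p, strict=False) for p in prefixes)


def check_gre_tunnels(config, packet_mode=False):
    """Return a list of findings; an empty list means every check passed."""
    tunnels, instances, next_tables = {}, {}, {}
    for line in (raw.strip() for raw in config.splitlines()):
        m = TUNNEL.fullmatch(line)
        if m:
            unit = tunnels.setdefault("%s.%s" % m.group(1, 2), {})
            words = m.group(3).split()
            if len(words) == 3 and words[:2] == ["routing-instance", "destination"]:
                unit["instance"] = words[2]
            else:  # "source A destination B" keyword/value pairs
                unit.update(zip(words[0::2], words[1::2]))
            continue
        m = INSTANCE.fullmatch(line)
        if m:
            routes = instances.setdefault(m.group(1), [])
            words = m.group(2).split()
            if len(words) > 3 and words[:3] == ["routing-options", "static", "route"]:
                routes.append(words[3])
            continue
        m = NEXT_TABLE.fullmatch(line)
        if m:
            next_tables.setdefault(m.group(2), []).append(m.group(1))

    findings = []
    for name, unit in sorted(tunnels.items()):
        dest, instance = unit.get("destination"), unit.get("instance")
        if dest is None or instance is None:
            continue  # no routing instance set: inet.0 is used by default
        if instance not in instances:
            findings.append("%s: routing instance %s is not defined" % (name, instance))
            continue
        if not covers(instances[instance], dest):
            findings.append("%s: no static route to %s in routing instance %s"
                            % (name, dest, instance))
        table = instance + ".inet.0"
        if not packet_mode and not covers(next_tables.get(table, []), dest):
            findings.append("%s: no inet.0 static route to %s with next-table %s"
                            % (name, dest, table))
    return findings


if __name__ == "__main__":
    for finding in check_gre_tunnels(CONFIG) or ["no findings"]:
        print(finding)
```
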


Results 


In configuration mode, confirm your configuration on the devices by entering the show command. If the 
output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


When the tunnel destination is in a default routing instance: 


interfaces { 
    gr-0/0/0 { 
        unit 0 { 
            tunnel { 
                source 172.16.0.1; 
                destination 10.10.1.2; 
            } 
            family inet { 
                address 192.168.100.1/30; 
            } 
        } 
    } 
    ge-0/0/0 { 
        unit 0 { 
            family inet { 
                address 172.30.73.56/24; 
            } 
        } 
    } 
    lo0 { 
        unit 0 { 
            family inet { 
                address 172.16.0.1/32; 
            } 
        } 
    } 
} 
routing-options { 
    static { 
        route 10.10.1.2/32 next-hop 172.30.73.57; # Tunnel destination is reachable from default routing-instance 
    } 
} 
routing-instances { 
    test { 
        instance-type virtual-router; 
        interface gr-0/0/0.0; 
        routing-options { 

When the tunnel destination is in a non-default routing instance: 


interfaces { 
    gr-0/0/0 { 
        unit 0 { 
            tunnel { 
                source 172.16.0.1; 
                destination 10.10.1.2; 
                routing-instance { 
                    destination test; # Routing-instance to reach tunnel destination 
                } 
            } 
            family inet { 
                address 192.168.100.1/30; 
            } 
        } 
    } 
    ge-0/0/0 { 
        unit 0 { 
            family inet { 
                address 172.30.73.56/24; 
            } 
        } 
    } 
    lo0 { 
        unit 0 { 
            family inet { 
                address 172.16.0.1/32; 
            } 
        } 
    } 
} 
routing-options { 
    static { 
        route 10.10.1.2/32 next-table test.inet.0; # Tunnel destination is reachable via test.inet.0 
    } 
} 
routing-instances { 
    test { 
        instance-type virtual-router; 
        interface ge-0/0/0; 
        routing-options { 
            static { 
                route 10.10.1.2/32 next-hop 172.30.73.57; # Tunnel destination is reachable from non-default routing-instance 
            } 
        } 
    } 
} 
Verification 


Verification of Static Route Use 


Purpose 


Verify that the static route is used. 


Action 


Run the show route forwarding-table command. 


user@host> show route forwarding-table table test 

Routing table: test.inet 
Internet: 
Enabled protocols: Bridging, 
Destination                  Type RtRef 
default                      perm     0 
0.0.0.0/32                   perm     0 
10.10.1.2/32                 user     1 
172.16.0.1.10.10.1.2.47/72   dest     0 
172.30.73.0/24               intf     0 
172.30.73.0/32               dest     0 
172.30.73.56/32              intf     0 
172.30.73.56/32              dest     0 
172.30.73.57/32              dest     0 
172.30.73.255/32             dest     0 
224.0.0.0/4                  perm     0 
224.0.0.1/32                 perm     0 
255.255.255.255/32           perm     0 


Verification of Static Route Used in Default Instance 


Purpose 


Verify that the static route is used for the default instance. 


Action 


Run the show route forwarding-table command. 


user@host> show route forwarding-table matching 10.10.1.2 

Routing table: default.inet 
Internet: 
Enabled protocols: Bridging, 
Destination        Type RtRef Next hop           Type Index    NhRef Netif 
10.10.1.2/32       user     0                    rtbl   604        3 

SEE ALSO 


Generic Routing Encapsulation (GRE) 
Understanding Generic Routing Encapsulation 


Verifying That Generic Routing Encapsulation Tunneling Is Working Correctly 


RELATED DOCUMENTATION 


Generic Routing Encapsulation (GRE) 


Configuring Point-to-Point Protocol over Ethernet 


IN THIS SECTION 


Understanding Point-to-Point Protocol over Ethernet 
Understanding PPPoE Interfaces 
Example: Configuring PPPoE Interfaces 
Understanding PPPoE Ethernet Interfaces 
Example: Configuring PPPoE Encapsulation on an Ethernet Interface 
Understanding PPPoE ATM-over-ADSL and ATM-over-SHDSL Interfaces 
Example: Configuring PPPoE Encapsulation on an ATM-over-ADSL Interface 
Understanding CHAP Authentication on a PPPoE Interface 
Example: Configuring CHAP Authentication on a PPPoE Interface 
Verifying Credit-Flow Control 
Verifying PPPoE Interfaces 
Verifying R2CP Interfaces 
Displaying Statistics for PPPoE 
Setting Tracing Options for PPPoE 


Point-to-Point Protocol over Ethernet (PPPoE) combines PPP with the Ethernet link-layer protocol, which 
allows users to connect to a network of hosts over a bridge or access concentrator. The topics below 
give an overview of PPPoE interfaces, PPPoE Ethernet interfaces, and PPPoE ATM-over-ADSL and 
ATM-over-SHDSL interfaces, and cover CHAP authentication on PPPoE, displaying statistics, setting 
tracing options for PPPoE, and verifying these interfaces on security devices. 


Understanding Point-to-Point Protocol over Ethernet 


IN THIS SECTION 


PPPoE Discovery Stage 
PPPoE Session Stage 


Point-to-Point Protocol over Ethernet (PPPoE) combines PPP, which typically runs over broadband 
connections, with the Ethernet link-layer protocol that allows users to connect to a network of hosts over 
a bridge or access concentrator. PPPoE enables service providers to maintain access control through PPP 
connections and also manage multiple hosts at a remote site. 


PPPoE connects multiple hosts on an Ethernet LAN to a remote site through a single customer premises 
equipment (CPE) device—a Juniper Networks device. Hosts share a common digital subscriber line (DSL), 
a cable modem, or a wireless connection to the Internet. 


To use PPPoE, you must initiate a PPPoE session, encapsulate Point-to-Point Protocol (PPP) packets over 
Ethernet, and configure the device as a PPPoE client. To provide a PPPoE connection, each PPP session 
must learn the Ethernet address of the remote peer and establish a unique session identifier during the 
PPPoE discovery and session stages. 
NOTE: Juniper Networks devices with asymmetric digital subscriber line (ADSL) or symmetric 
high-speed DSL (SHDSL) interfaces can use PPPoE over Asynchronous Transfer Mode (ATM) 
to connect through DSL lines only, not for direct ATM connections. 


PPPoE has two stages, the discovery stage and the PPPoE session stage. In the discovery stage, the client 
discovers the access concentrator by identifying the Ethernet media access control (MAC) address of the 
access concentrator and establishing a PPPoE session ID. In the session stage, the client and the access 
concentrator build a point-to-point connection over Ethernet, based on the information collected in the 
discovery stage. 


This topic contains the following sections: 


PPPoE Discovery Stage 


To initiate a PPPoE session, a host must first identify the Ethernet MAC address of the remote peer and 
establish a unique PPPoE session ID for the session. Learning the remote Ethernet MAC address is called 
PPPoE discovery. 


During the PPPoE discovery process, the host does not discover a remote endpoint on the Ethernet 
network. Instead, the host discovers the access concentrator through which all PPPoE sessions are 
established. Discovery is a client/server relationship, with the host (a device running Junos OS) acting as 
the client and the access concentrator acting as the server. Because the network might have more than 
one access concentrator, the discovery stage allows the client to communicate with all of them and select 
one. 


NOTE: A device cannot receive PPPoE packets from two different access concentrators on the 
same physical interface. 


The PPPoE discovery stage consists of the following steps: 


1. PPPoE Active Discovery Initiation (PADI)—The client initiates a session by broadcasting a PADI packet 
to the LAN to request a service. 


2. PPPoE Active Discovery Offer (PADO)—Any access concentrator that can provide the service requested 
by the client in the PADI packet replies with a PADO packet that contains its own name, the unicast 
address of the client, and the service requested. An access concentrator can also use the PADO packet 
to offer other services to the client. 
3. PPPoE Active Discovery Request (PADR)—From the PADOs it receives, the client selects one access 
concentrator based on its name or the services offered and sends it a PADR packet to indicate the 
service or services needed. 


4. PPPoE Active Discovery Session-Confirmation (PADS)—When the selected access concentrator receives 
the PADR packet, it accepts or rejects the PPPoE session: 


   • To accept the session, the access concentrator sends the client a PADS packet with a unique session 
     ID for a PPPoE session and a service name that identifies the service under which it accepts the 
     session. 

   • To reject the session, the access concentrator sends the client a PADS packet with a service name 
     error and resets the session ID to zero. 


PPPoE Session Stage 


The PPPoE session stage starts after the PPPoE discovery stage is over. The access concentrator can start 
the PPPoE session after it sends a PADS packet to the client, or the client can start the PPPoE session 
after it receives a PADS packet from the access concentrator. A device supports multiple PPPoE sessions 
on each interface, but no more than 256 PPPoE sessions per device. 


Each PPPoE session is uniquely identified by the Ethernet address of the peer and the session ID. After 
the PPPoE session is established, data is sent as in any other PPP encapsulation. The PPPoE information 
is encapsulated within an Ethernet frame and is sent to a unicast address. Magic numbers, echo requests, 
and all other PPP traffic behave exactly as in normal PPP sessions. In this stage, both the client and the 
server must allocate resources for the PPPoE logical interface. 


After a session is established, the client or the access concentrator can send a PPPoE Active Discovery 
Termination (PADT) packet anytime to terminate the session. The PADT packet contains the destination 
address of the peer and the session ID of the session to be terminated. After this packet is sent, the session 
is closed to PPPoE traffic. 


NOTE: If a PPPoE session is already up and the user restarts the PPPoE daemon, a new PPPoE 
daemon with a new PID starts while the existing session is not terminated. 


If a PPPoE session is already down and the user restarts the PPPoE daemon, the PPPoE discovery 
establishes a new session. 


The PPPoE session is not terminated for the following configuration changes: 


• Changing idle time out value 
• Changing auto rec timer value 
• Deleting idle time out 
• Deleting auto rec timer 
• Add new auto rec time 
• Add new idle time out 
• Change negotiate address to static address 
• Change static ip address to a new static ip address 
• Changing default chap secret 


The PPPoE session is terminated for the following configuration changes: 


• Add ac name 
• Delete chap ppp options 
• Add new chap ppp options 
• Configure uifd mac 


NOTE: When the MTU for an underlying physical interface is changed, it brings down the 
PPPoE session. The PPPoE MTU can be greater than 1492 if the Ethernet or WAN connection 
supports RFC 4638 (Mini Jumbo Frames). 


SEE ALSO 


Understanding Physical Encapsulation on an Interface 
Understanding PPPoE Interfaces 
Understanding PPPoE Ethernet Interfaces 
Understanding PPPoE ATM-over-ADSL and ATM-over-SHDSL Interfaces 
Understanding CHAP Authentication on a PPPoE Interface 
Understanding the PPPoE-Based Radio-to-Router Protocol 
Understanding PPPoE Interfaces 


The device’s Point-to-Point Protocol over Ethernet (PPPoE) interface to the access concentrator can be 
a Fast Ethernet interface, a Gigabit Ethernet interface, a redundant Ethernet interface, an ATM-over-ADSL 
interface, or an ATM-over-SHDSL interface. The PPPoE configuration is the same for all interfaces. The 
only difference is the encapsulation for the underlying interface to the access concentrator: 


• If the interface is Ethernet, use a PPPoE encapsulation. 
• If the interface is ATM-over-ADSL or ATM-over-SHDSL, use a PPPoE over ATM encapsulation. 


To configure a PPPoE interface, you create an interface with a logical interface unit 0, then specify a logical 
Ethernet or ATM interface as the underlying interface for the PPPoE session. You then specify other PPPoE 
options, including the access concentrator and PPPoE session parameters. 


NOTE: PPPoE over redundant Ethernet (reth) interface is supported on SRX100, SRX210, 
SRX220, SRX240, SRX300, SRX320, SRX340 and SRX650 devices. (Platform support depends 
on the Junos OS release in your installation.) This feature allows an existing PPPoE session to 
continue without starting a new PPPoE session in the event of a failover. 


Example: Configuring PPPoE Interfaces 


IN THIS SECTION 


Requirements 
Overview 
Configuration 
Disabling the End-of-List Tag 


This example shows how to configure a PPPoE interface. 


Requirements 


Before you begin, configure an Ethernet interface. See “Example: Creating an Ethernet Interface” on 
page 208. 
Overview 


In this example, you create the PPPoE interface pp0.0 and specify the logical Ethernet interface ge-0/0/1.0 
as the underlying interface. You also set the access concentrator, set the PPPoE session parameters, and 
set the MTU of the IPv4 family to 1492. 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/1.0 access-concentrator ispl.com auto-reconnect 100 idle-timeout 100 client service-name video@ispl.com 
set interfaces pp0 unit 0 family inet mtu 1492 negotiate-address 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure a PPPoE interface: 


1. Create a PPPoE interface. 


[edit] 
user@host# edit interfaces pp0 unit 0 


2. Configure PPPoE options. 


[edit interfaces pp0 unit 0] 
user@host# set pppoe-options underlying-interface ge-0/0/1.0 access-concentrator ispl.com auto-reconnect 100 idle-timeout 100 client service-name video@ispl.com 


3. Configure the MTU. 


[edit interfaces pp0 unit 0] 
user@host# set family inet mtu 1492 


NOTE: To configure the MTU to a value above 1492 octets, use the ppp-max-payload 
option. Refer to pppoe-options for more details. 


4. Configure the PPPoE interface address. 


[edit interfaces pp0 unit 0] 
user@host# set family inet negotiate-address 


Results 

From configuration mode, confirm your configuration by entering the show interfaces pp0 command. If 
the output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


[edit] 
user@host# show interfaces pp0 
unit 0 { 
    pppoe-options { 
        underlying-interface ge-0/0/1.0; 
        idle-timeout 100; 
        access-concentrator ispl.com; 
        service-name "video@ispl.com"; 
        auto-reconnect 100; 
        client; 
    } 
    family inet { 
        mtu 1492; 
        negotiate-address; 
    } 
} 


If you are done configuring the device, enter commit from configuration mode. 


Verification 


IN THIS SECTION 


Verifying PPPoE Interfaces 
Verifying PPPoE Sessions 
Verifying the PPPoE Version 
Verifying PPPoE Statistics 


Confirm that the configuration is working properly. 


Verifying PPPoE Interfaces 


Purpose 


Verify that the PPPoE device interfaces are configured properly. 


Action 


From operational mode, enter the show interfaces pp0 command. 


user@host> show interfaces pp0 

Physical interface: pp0, Enabled, Physical link is Up 
  Interface index: 67, SNMP ifIndex: 317 
  Type: PPPoE, Link-level type: PPPoE, MTU: 9192 
  Device flags   : Present Running 
  Interface flags: Point-To-Point SNMP-Traps 
  Link type      : Full-Duplex 
  Link flags     : None 
  Last flapped   : Never 
  Input rate     : 0 bps (0 pps) 
  Output rate    : 0 bps (0 pps) 

  Logical interface pp0.0 (Index 1) (SNMP ifIndex 330) 
    Flags: Point-To-Point SNMP-Traps 16384 Encapsulation: PPPoE 
    PPPoE: 
      State: SessionUp, Session ID: 3304, 
      Session AC name: ispl.com, AC MAC address: 00:90:1a:40:f6:4c, 
      Service name: video@ispl.com, Configured AC name: ispl.com, 
      Auto-reconnect timeout: 60 seconds 
      Underlying interface: ge-5/0/0.0 (Index 71) 
    Input packets : 23 
    Output packets: 22 
    Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3 
    Keepalive: Input: 16 (00:00:26 ago), Output: 0 (never) 
    LCP state: Opened 
    NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured 
    CHAP state: Success 
    Protocol inet, MTU: 1492 
      Flags: Negotiate-Address 
      Addresses, Flags: Kernel Is-Preferred Is-Primary 
        Destination: 211.211.211.2, Local: 211.211.211.1 


The output shows information about the physical and the logical interfaces. Verify the following information: 


• The physical interface is enabled and the link is up. 
• The PPPoE session is running on the correct logical interface. 
• For state, the state is active (up). 
• For underlying interface, the physical interface on which the PPPoE session is running is correct: 
    • For an Ethernet connection, the underlying interface is Fast Ethernet or Gigabit Ethernet, for example, 
      ge-5/0/0.0. 
    • For an ATM-over-ADSL or ATM-over-SHDSL connection, the underlying interface is ATM, for example, 
      at-2/0/0.0. 


Verifying PPPoE Sessions 


Purpose 


Verify that a PPPoE session is running properly on the logical interface. 


Action 


From operational mode, enter the show pppoe interfaces command. 


user@host> show pppoe interfaces 

pp0.0 Index 67 
  State: Session up, Session ID: 31, 
  Service name: video@ispl.com, Configured AC name: ispl.com, 
  Session AC name: belur, AC MAC address: 00:90:1a:40:f6:4e, 
  Auto-reconnect timeout: 1 seconds, 
  Underlying interface: ge-0/0/1.0 Index 69 


The output shows information about the PPPoE sessions. Verify the following information: 


• The PPPoE session is running on the correct logical interface. 
• For state, the session is active (up). 
• For underlying interface, the physical interface on which the PPPoE session is running is correct: 
    • For an Ethernet connection, the underlying interface is Fast Ethernet or Gigabit Ethernet, for example, 
      ge-0/0/1.0. 
    • For an ATM-over-ADSL or ATM-over-SHDSL connection, the underlying interface is ATM, for example, 
      at-2/0/0.0. 


NOTE: To clear a PPPoE session on the pp0.0 interface, use the clear pppoe sessions pp0.0 
command. To clear all sessions on the interface, use the clear pppoe sessions command. 


Verifying the PPPoE Version 


Purpose 


Verify the version information of the PPPoE protocol configured on the device interfaces. 


Action 


From operational mode, enter the show pppoe version command. 


user@host> show pppoe version 

Point-to-Point Protocol Over Ethernet, version 1. rfc2516 
  PPPoE protocol            = Enabled 
  Maximum Sessions          = 256 
  PADI resend timeout       = 2 seconds 
  PADR resend timeout       = 16 seconds 
  Max resend timeout        = 64 seconds 
  Max Configured AC timeout = 4 seconds 


The output shows PPPoE protocol information. Verify the following information: 


• The correct version of the PPPoE protocol is configured on the interface. 
• For PPPoE protocol, the PPPoE protocol is enabled. 


Verifying PPPoE Statistics 


Purpose 


Verify the statistics information about PPPoE interfaces. 


Action 


From operational mode, enter the show pppoe statistics command. 


user@host> show pppoe statistics 

Active PPPoE sessions: 4 
PacketType               Sent    Received 
PADI                                    0 
PADO 
PADR                                    0 
PADS                                  209 
PADT 
Service name error                      0 
AC system error 
Generic error                           0 
Malformed packets                      41 
Unknown packets                         0 
Timeout 
PADI 
PADO 
PADR 


The output shows information about active sessions on PPPoE interfaces. Verify the following information: 


• Total number of active PPPoE sessions running on the interface 
• For packet type, the number of packets of each type sent and received during the PPPoE session 


Disabling the End-of-List Tag 


During the PPPoE discovery stage, any access concentrator that can provide the service requested by the 
client in the PADI packet replies with a PADO packet that contains its own name, the unicast address of 
the client, and the service requested. An access concentrator can also use the PADO packet to offer other 
services to the client. When a client receives a PADO packet that contains the End-of-List tag, 
tags after the End-of-List tag are ignored and the complete information is not processed 
correctly. As a result, the PPPoE connection is not established correctly. 


Starting in Junos OS Release 12.3X48-D10 you can avoid some PPPoE connection errors by configuring 
the ignore-eol-tag option to disable the End-of-List tag in the PADO packet. 
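

The discovery exchange and the End-of-List behaviour described above, as an added Python example that is not Junos code: it builds and parses RFC 2516 discovery frames, including a PADO whose AC-Name follows an End-of-List tag, and a PADS accept and reject. The function names and the client MAC are assumptions; the AC name, service name, AC MAC and session ID are sample values printed on this page, and the ignore_eol flag only models the ignore-eol-tag option.

```python
import struct

ETHERTYPE_DISCOVERY = 0x8863  # PPPoE discovery stage (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAG_NAMES = {0x0000: "End-Of-List", 0x0101: "Service-Name", 0x0102: "AC-Name",
             0x0103: "Host-Uniq", 0x0104: "AC-Cookie",
             0x0201: "Service-Name-Error", 0x0202: "AC-System-Error",
             0x0203: "Generic-Error"}
TAG_IDS = {name: number for number, name in TAG_NAMES.items()}


def mac_bytes(text):
    return bytes(int(part, 16) for part in text.split(":"))


def mac_text(raw):
    return ":".join("%02x" % b for b in raw)


def build_frame(dst, src, code, session_id, tags):
    """Build an Ethernet frame carrying one PPPoE discovery packet."""
    payload = b"".join(struct.pack("!HH", TAG_IDS[name], len(value)) + value
                       for name, value in tags)
    header = struct.pack("!BBHH", 0x11, code, session_id, len(payload))
    return (mac_bytes(dst) + mac_bytes(src)
            + struct.pack("!H", ETHERTYPE_DISCOVERY) + header + payload)


def parse_frame(frame, ignore_eol=False):
    """Parse a discovery frame; raise ValueError on anything malformed."""
    if len(frame) < 20:
        raise ValueError("frame shorter than Ethernet + PPPoE headers")
    ethertype, ver_type, code, session_id, length = struct.unpack(
        "!HBBHH", frame[12:20])
    if ethertype != ETHERTYPE_DISCOVERY or ver_type != 0x11:
        raise ValueError("not a PPPoE version 1, type 1 discovery frame")
    if code not in CODES:
        raise ValueError("unknown discovery code 0x%02x" % code)
    payload = frame[20:20 + length]
    if len(payload) != length:
        raise ValueError("PPPoE length field exceeds the frame")
    tags, offset = [], 0
    while offset < length:
        if offset + 4 > length:
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack("!HH", payload[offset:offset + 4])
        offset += 4
        if offset + tag_len > length:
            raise ValueError("tag value runs past the payload")
        value = payload[offset:offset + tag_len]
        offset += tag_len
        if tag_type == 0x0000:
            if ignore_eol:
                continue  # models ignore-eol-tag: keep reading later tags
            break         # default: tags after End-Of-List are never seen
        tags.append((TAG_NAMES.get(tag_type, "0x%04x" % tag_type), value))
    return {"code": CODES[code], "session_id": session_id,
            "dst": mac_text(frame[0:6]), "src": mac_text(frame[6:12]),
            "tags": tags}


def tag_values(packet, name):
    return [value for tag, value in packet["tags"] if tag == name]


def offer_matches(pado, ac_name, service_name):
    """Client-side check of a PADO against the configured AC and service."""
    return (pado["code"] == "PADO"
            and ac_name in tag_values(pado, "AC-Name")
            and service_name in tag_values(pado, "Service-Name"))


def session_accepted(pads):
    """A PADS accepts the session only with a nonzero ID and no error tag."""
    errors = [tag for tag, _ in pads["tags"] if tag.endswith("-Error")]
    return pads["code"] == "PADS" and pads["session_id"] != 0 and not errors


# Constructed sample frames. The client MAC is made up; the other values are
# the sample values printed in this page's command output.
CLIENT, AC = "02:00:00:00:00:01", "00:90:1a:40:f6:4c"
PADO_EOL_FIRST = build_frame(CLIENT, AC, 0x07, 0, [
    ("Service-Name", b"video@ispl.com"),
    ("End-Of-List", b""),
    ("AC-Name", b"ispl.com")])
PADS_ACCEPT = build_frame(CLIENT, AC, 0x65, 3304, [
    ("Service-Name", b"video@ispl.com")])
PADS_REJECT = build_frame(CLIENT, AC, 0x65, 0, [("Service-Name-Error", b"")])

if __name__ == "__main__":
    for ignore in (False, True):
        pado = parse_frame(PADO_EOL_FIRST, ignore_eol=ignore)
        print("ignore_eol=%s offer usable: %s" % (
            ignore, offer_matches(pado, b"ispl.com", b"video@ispl.com")))
    print("accept:", session_accepted(parse_frame(PADS_ACCEPT)))
    print("reject:", session_accepted(parse_frame(PADS_REJECT)))
```
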


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To disable the End-of-List tag: 


1. Create a PPPoE interface. 


[edit] 
user@host# set interfaces pp0 unit 0 


2. Configure PPPoE options. 


[edit interfaces pp0 unit 0] 
user@host# set pppoe-options ignore-eol-tag 


Results 
From configuration mode, confirm your configuration by entering the show interfaces pp0 command. If 
the output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


[edit] 
user@host# show interfaces pp0 
unit 0 { 
    pppoe-options { 
        ignore-eol-tag; 
    } 
} 

If you are done configuring the device, enter commit from configuration mode. 


Verifying That the End-of-List Tag Is Disabled 


Purpose 
Verify the status of the End-of-List tag in the PPPoE configuration. 


Action 


From operational mode, enter the show interfaces pp0.0 command. 


user@host> show pppoe interfaces pp0.0 

Logical interface pp0.0 (Index 78) (SNMP ifIndex 541) 
  Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE 
  PPPoE: 
    State: SessionUp, Session ID: 3, 
    Session AC name: cell, Remote MAC address: 00:26:88:f7:77:83, 
    Configured AC name: None, Service name: None, 
    Auto-reconnect timeout: Never, Idle timeout: Never, 
    Underlying interface: ge-0/0/3.0 (Index 77) 
    Ignore End-Of-List tag: Enable 


user@host> show pppoe interfaces pp0.0 extensive 

pp0.0 Index 74 
  State: Session up, Session ID: 1, 
  Service name: None, 
  Session AC name: cell, Configured AC name: None, 
  Remote MAC address: 00:26:88:f7:77:83, 
  Session uptime: 00:02:03 ago, 
  Auto-reconnect timeout: 10 seconds, Idle timeout: Never, 
  Underlying interface: ge-0/0/3.0 Index 73 
  Ignore End-of-List tag: Enable 
  PacketType               Sent    Received 
  PADI                                    0 
  PADO                        0 
  PADR                                    0 
  PADS                        0           2 
  PADT                        2           0 
  Service name error          0           0 
  AC system error             0           0 
  Generic error               0           0 
  Malformed packets           0           0 
  Unknown packets             0           0 
  Timeout 
  PADI 
  PADO 
  PADR                        3 
  Receive Error Counters 
  PADI 
  PADO 
  PADR 
  PADS 


The output shows information about active sessions on PPPoE interfaces. Verify that the Ignore End-of-List 
tag: Enable option is set. 
Understanding PPPoE Ethernet Interfaces 


During a Point-to-Point Protocol over Ethernet (PPPoE) session, the device encapsulates each PPP frame 
in an Ethernet frame and transports the frames over an Ethernet loop. Figure 19 on page 356 shows a 
typical PPPoE session between a device and an access concentrator on the Ethernet loop. 


Figure 19: PPPoE Session on the Ethernet Loop 
To configure PPPoE on an Ethernet interface, you configure encapsulation on the logical interface. 


Example: Configuring PPPoE Encapsulation on an Ethernet Interface 


IN THIS SECTION 


Requirements 
Overview 
Configuration 
Verification 


This example shows how to configure PPPoE encapsulation on an Ethernet interface. 


Requirements 


Before you begin: 
• Configure an Ethernet interface. See “Example: Creating an Ethernet Interface” on page 208. 
• Configure a PPPoE encapsulation interface. See “Example: Configuring PPPoE Interfaces” on page 347. 


Overview 


In this example, you configure PPPoE encapsulation on the ge-0/0/1 interface. 


Configuration 


Step-by-Step Procedure 


To configure PPPoE encapsulation: 


1. Enable PPPoE encapsulation on the interface. 


[edit] 
user@host# set interfaces ge-0/0/1 unit 0 encapsulation ppp-over-ether 


2. Commit the configuration if you are done configuring the device. 


[edit] 
user@host# commit 


Verification 


To verify the configuration is working properly, enter the show interfaces ge-0/0/1 command. 


Understanding PPPoE ATM-over-ADSL and ATM-over-SHDSL Interfaces 


When an ATM network is configured with a point-to-point connection, Point-to-Point Protocol over 
Ethernet (PPPoE) can use ATM Adaptation Layer 5 (AAL5) for framing PPPoE-encapsulated packets. The 
AAL5 protocol provides a virtual connection between the client and the server within the same network. 
The device encapsulates each PPPoE frame in an ATM frame and transports each frame over an asymmetric 
digital subscriber line (ADSL) or symmetric high-speed DSL (SHDSL) loop and a digital subscriber line access 
multiplexer (DSLAM). For example, Figure 20 on page 358 shows a typical PPPoE over ATM session between 
a device and an access concentrator on an ADSL loop. 


358 


Figure 20: PPPoE Session on an ADSL Loop 
For PPPoE on an ATM-over-ADSL or ATM-over-SHDSL interface, you must configure encapsulation on
both the physical and logical interfaces. To configure encapsulation on an ATM-over-ADSL or
ATM-over-SHDSL physical interface, use Ethernet over ATM encapsulation. To configure encapsulation
on an ATM-over-ADSL or ATM-over-SHDSL logical interface, use PPPoE over AAL5 logical link control
(LLC) encapsulation. LLC encapsulation allows a single ATM virtual connection to transport multiple
protocols.


Example: Configuring PPPoE Encapsulation on an ATM-over-ADSL Interface 


IN THIS SECTION


Requirements
Overview
Configuration
Verification


This example shows how to configure a physical interface for Ethernet over ATM encapsulation and how 
to create a logical interface for PPPoE over LLC encapsulation. 


Requirements 


Before you begin: 


• Configure network interfaces. See “Example: Creating an Ethernet Interface” on page 208.
• Configure PPPoE interfaces. See “Example: Configuring PPPoE Interfaces” on page 347.
• Configure PPPoE encapsulation on an Ethernet interface. See “Example: Configuring PPPoE Encapsulation
  on an Ethernet Interface” on page 356.


Overview


In this example, you configure the physical interface at-2/0/0 for Ethernet over ATM encapsulation. As 
part of the configuration, you set the virtual path identifier (VPI) on an ATM-over-ADSL physical interface 
to 0, you set the ADSL operating mode to auto, and you set the encapsulation type to ATM-over-ADSL.
Then you create a logical interface for PPPoE over LLC encapsulation. 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces at-2/0/0 atm-options vpi 0
set interfaces at-2/0/0 dsl-options operating-mode auto
set interfaces at-2/0/0 encapsulation ethernet-over-atm
set interfaces at-2/0/0 unit 0 encapsulation ppp-over-ether-over-atm-llc vci 0.120


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure PPPoE encapsulation on an ATM-over-ADSL interface: 


1. Configure the physical interface. 


[edit] 
user@host# edit interfaces at-2/0/0 


2. Set the VPI on the interface. 


[edit interfaces at-2/0/0] 
user@host# set atm-options vpi 0 


3. Configure the ADSL operating mode. 


[edit interfaces at-2/0/0] 
user@host# set dsl-options operating-mode auto 


4. Configure PPPoE encapsulation. 


[edit interfaces at-2/0/0]
user@host# set encapsulation ethernet-over-atm


5. Create a logical interface and configure LLC encapsulation. 


[edit interfaces at-2/0/0] 
user@host# set unit 0 encapsulation ppp-over-ether-over-atm-llc vci 0.120


Results 


From configuration mode, confirm your configuration by entering the show interfaces at-2/0/0 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit]
user@host# show interfaces at-2/0/0
encapsulation ethernet-over-atm;
atm-options {
    vpi 0;
}
dsl-options {
    operating-mode auto;
}
unit 0 {
    encapsulation ppp-over-ether-over-atm-llc;
    vci 0.120;
}


If you are done configuring the device, enter commit from configuration mode. 


Verification 


IN THIS SECTION


Verifying a PPPoE Configuration for an ATM-over-ADSL or ATM-over-SHDSL Interface


Confirm that the configuration is working properly. 


Verifying a PPPoE Configuration for an ATM-over-ADSL or ATM-over-SHDSL Interface


Purpose 
Verify the PPPoE configuration for an ATM-over-ADSL or ATM-over-SHDSL interface. 


Action 


From operational mode, enter the show interfaces command. 


Understanding CHAP Authentication on a PPPoE Interface


For interfaces with Point-to-Point Protocol over Ethernet (PPPoE) encapsulation, you can configure 
interfaces to support the PPP Challenge Handshake Authentication Protocol (CHAP). When you enable 
CHAP on an interface, the interface can authenticate its peer and be authenticated by its peer. 


If you set the passive option to handle incoming CHAP packets only, the interface does not challenge its 
peer. However, if the interface is challenged, it responds to the challenge. If you do not set the passive 
option, the interface always challenges its peer. 


You can configure Remote Authentication Dial-In User Service (RADIUS) authentication of PPP sessions 
using CHAP. CHAP enables you to send RADIUS messages through a routing instance to customer RADIUS 
servers in a private network. 
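

The challenge and response exchange described above, including the passive behavior, modeled as an added example (not Juniper code and not part of the original manual). It uses the RFC 1994 MD5 computation; the ChapEndpoint class is hypothetical, and mapping the page's client name (client1), local-name (A-ge-0/0/1.0) and placeholder secret (my-secret) onto the two sides is an assumption.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

# CHAP packet codes defined in RFC 1994.
CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4


@dataclass
class ChapPacket:
    code: int
    identifier: int
    value: bytes  # random challenge, or the 16-byte MD5 response
    name: str     # sender's name; the role local-name plays on the page


def chap_md5(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapEndpoint:
    """One side of a PPP link (hypothetical model, not a Junos API)."""

    def __init__(self, local_name: str, secrets: Dict[str, bytes], passive: bool = False):
        self.local_name = local_name
        self.secrets = secrets  # peer name -> shared secret (the access profile)
        self.passive = passive
        self._pending: Dict[int, bytes] = {}  # identifier -> outstanding challenge
        self._next_id = 0

    def start(self) -> Optional[ChapPacket]:
        """Challenge the peer, unless this side is passive."""
        if self.passive:
            return None
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)  # must be unpredictable and never reused
        self._pending[ident] = challenge
        return ChapPacket(CHALLENGE, ident, challenge, self.local_name)

    def on_challenge(self, pkt: ChapPacket) -> Optional[ChapPacket]:
        """Answer a challenge; a passive side still does this."""
        secret = self.secrets.get(pkt.name)
        if secret is None:
            return None  # no secret configured for this peer name
        digest = chap_md5(pkt.identifier, secret, pkt.value)
        return ChapPacket(RESPONSE, pkt.identifier, digest, self.local_name)

    def on_response(self, pkt: ChapPacket) -> int:
        """Verify a response against the challenge this side issued."""
        challenge = self._pending.pop(pkt.identifier, None)  # single use
        secret = self.secrets.get(pkt.name)
        if challenge is None or secret is None:
            return FAILURE
        expected = chap_md5(pkt.identifier, secret, challenge)
        return SUCCESS if hmac.compare_digest(expected, pkt.value) else FAILURE


def demo() -> dict:
    """Passive device answering a challenging access concentrator."""
    device = ChapEndpoint("A-ge-0/0/1.0", {"client1": b"my-secret"}, passive=True)
    concentrator = ChapEndpoint("client1", {"A-ge-0/0/1.0": b"my-secret"})
    wrong = ChapEndpoint("A-ge-0/0/1.0", {"client1": b"not-the-secret"}, passive=True)

    challenge = concentrator.start()
    response = device.on_challenge(challenge)
    first = concentrator.on_response(response)
    # The same response again: its challenge was consumed, so it is rejected.
    repeat = concentrator.on_response(response)
    bad = concentrator.on_response(wrong.on_challenge(concentrator.start()))
    return {
        "device_challenges": device.start() is not None,
        "first": first,
        "repeat": repeat,
        "wrong_secret": bad,
    }


if __name__ == "__main__":
    print(demo())
```

With passive set, the device proves its own identity but never verifies the peer, so the link is authenticated in one direction only.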


Example: Configuring CHAP Authentication on a PPPoE Interface


IN THIS SECTION


Requirements
Overview
Configuration
Verification


This example shows how to configure CHAP authentication on a PPPoE interface. 


Requirements 


Before you begin: 
• Configure an Ethernet interface. See “Example: Creating an Ethernet Interface” on page 208.
• Configure a PPPoE interface. See “Example: Configuring PPPoE Interfaces” on page 347.
• Configure PPPoE encapsulation on an ATM-over-ADSL interface. See “Example: Configuring PPPoE
  Encapsulation on an ATM-over-ADSL Interface” on page 358.


Overview 


In this example, you configure a CHAP access profile, and then apply it to the PPPoE interface pp0. You
also configure the hostname to be used in CHAP challenge and response packets, and set the passive 
option for handling incoming CHAP packets. 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set access profile A-ppp-client client client1 chap-secret my-secret 
set interfaces pp0 unit 0 ppp-options chap access-profile A-ppp-client local-name A-ge-0/0/1.0 passive


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure CHAP on a PPPoE interface: 


1. Configure a CHAP access profile. 


[edit] 
user@host# set access profile A-ppp-client client client1 chap-secret my-secret 


2. Enable CHAP options on the interface. 


[edit] 
user@host# edit interfaces pp0 unit 0 ppp-options chap


3. Configure the CHAP access profile on the interface. 


[edit interfaces pp0 unit 0 ppp-options chap]
user@host# set access-profile A-ppp-client


4. Configure a hostname for the CHAP challenge and response packets. 


[edit interfaces pp0 unit 0 ppp-options chap]
user@host# set local-name A-ge-0/0/1.0


5. Set the passive option to handle incoming CHAP packets only.


[edit interfaces pp0 unit 0 ppp-options chap]
user@host# set passive


Results 

From configuration mode, confirm your configuration by entering the show interfaces command. If the 
output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


[edit]
user@host# show interfaces
pp0 {
    unit 0 {
        ppp-options {
            chap {
                access-profile A-ppp-client;
                local-name A-ge-0/0/1.0;
                passive;
            }
        }
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Verification 


Confirm that the configuration is working properly. 


Verifying CHAP Authentication 


Purpose 


Verify that CHAP is enabled on the interface. 


Action 


From operational mode, enter the show interfaces command. 


Verifying Credit-Flow Control 


Purpose 


Display PPPoE credit-flow control information about credits on each side of the PPPoE session when 
credit processing is enabled on the interface. 


Action 


user@host> show pppoe interface detail

pp0.51 Index 73
  State: Session up, Session ID: 3,
  Service name: None,
  Configured AC name: None, Session AC name: None,
  Remote MAC address: 00:22:83:84:2e:81,
  Session uptime: 00:05:48 ago,
  Auto-reconnect timeout: Never, Idle timeout: Never,
  Underlying interface: ge-0/0/4.1 Index 72
  PADG Credits: Local: 12345, Remote: 6789, Scale factor: 128 bytes
  PADQ Current bandwidth: 750 Kbps, Maximum 1000 Kbps
  Quality: 85, Resources 65, Latency 100 msec.
  Dynamic bandwidth: 3 Kbps

pp0.1000 Index 71
  State: Down, Session ID: 1,
  Service name: None,
  Configured AC name: None, Session AC name: None,
  Remote MAC address: 00:00:00:00:00:00,
  Auto-reconnect timeout: Never, Idle timeout: Never,
  Underlying interface: ge-0/0/1.0 Index 70
  PADG Credits: enabled
  Dynamic bandwidth: enabled


Verifying PPPoE Interfaces


Purpose 


Display PPPoE interfaces information. 


Action 
• To display PPPoE interface information:


user@host> show pppoe interfaces pp0.51 detail

pp0.51 Index 75
  State: Session up, Session ID: 1,
  Service name: None,
  Configured AC name: None, Session AC name: None,
  Remote MAC address: 00:11:22:33:44:55,
  Session uptime: 00:04:18 ago,
  Auto-reconnect timeout: Never, Idle timeout: Never,
  Underlying interface: ge-0/0/1.0 Index 70
  PADQ Current bandwidth: 750 Kbps, Maximum 1000 Kbps
  Quality: 85, Resources 65, Latency 100 msec.
  Dynamic bandwidth: 3 Kbps


• To display PPPoE terse interface information:


user@host> show pppoe interfaces terse pp0.51

Interface    Admin  Link  Proto  Local / Remote
pp0.51       up     up    inet   [addresses illegible in source]
                          inet6  [addresses illegible in source]


Verifying R2CP Interfaces


Purpose 


Display R2CP interfaces information. 


Action 
• To display R2CP interface information:


root@host> show r2cp interfaces

Interface: ge-0/0/3.51
  Nodes: 0


• To display R2CP information:


root@host> show r2cp radio extensive

(The Received and Errors columns of this output are illegible in the source; only the Sent column is shown.)

Node Packet Type       Sent
MIM                    -
ROM                    [illegible]
Heartbeats             0
Node Term              0
Node Term Ack          0
Heartbeat Timeouts     0
Node Term Timeouts     0

Session Packet Type    Sent
Init                   -
Init ACK               [illegible]
Update                 -
Terminate              0
Terminate ACK          0
Terminate Timeouts     0


• To display R2CP session information:


root@host> show r2cp sessions extensive

Session: 1
  Destination MAC address 01:02:03:04:05:06
  Status: Established VLANs 201
  Virtual channel: 2
  Session Update: last received: 3.268 seconds
  Current bandwidth: 22000 Kbps, Maximum 22000 Kbps
  Quality: 100, Resources 100, Latency 100 msec.
  Effective bandwidth: 952 Kbps, last change: 51.484 secon
  Updates below threshold: 1

  Session Packet Type    Sent          Received
  Init                   -             [illegible]
  Init ACK               [illegible]   -
  Update                 -             0
  Terminate              0             0
  Terminate ACK          0             0
  Terminate Timeouts     0





Displaying Statistics for PPPoE


Purpose 
Display PPPoE statistics. 


Action 


user@host> show interfaces pp0.51 statistics

Logical interface pp0.51 (Index 75) (SNMP ifIndex 137)
  Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPo
  PPPoE:
    State: SessionUp, Session ID: 1,
    Session AC name: None, Remote MAC address: 00:22:83:84
    Underlying interface: ge-0/0/4.1 (Index 74)
  Input packets : 20865
  Output packets: 284636
  Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
  Keepalive: Input: 0 (never), Output: 943 (00:00:06 ago)
  LCP state: Opened
  NCP state: inet: Opened, inet6: Opened, iso: Not-configured, mpls: Not-configured
  CHAP state: Closed
  PAP state: Closed
  Security: Zone: Null
  Protocol inet, MTU: 1492
    Flags: None
    Addresses, Flags: Is-Preferred Is-Primary
      Destination: [illegible in source], Local: [illegible in source]
  Protocol inet6, MTU: [illegible in source]
    Flags: None
    Addresses, Flags: Is-Preferred
      Destination: [illegible in source], Local: [illegible in source]
    Addresses, Flags: Is-Preferred Is-Primary
      Destination: [illegible in source], Local: [illegible in source]


Setting Tracing Options for PPPoE


To trace the operations of the router’s PPPoE process, include the traceoptions statement at the [edit 
protocols pppoe] hierarchy level: 


[edit protocols pppoe]
traceoptions {
    file filename <files number> <match regular-expression> <size size> <world-readable | no-world-readable>;
    flag flag;
    level severity-level;
    no-remote-trace;
}


To specify more than one tracing operation, include multiple flag statements. 
You can specify the following flags in the traceoptions statement: 


• all—All areas of code
• config—Configuration code
• events—Event code
• gres—Gres code
• init—Initialization code
• interface-db—Interface database code
• memory—Memory management code
• protocol—PPPoE protocol processing code
• rtsock—Routing socket code
• session-db—Session management code
• signal—Signal handling code
• state—State handling code
• timer—Timer code
• ui—User interface code


Configuring Link Services Interfaces


IN THIS SECTION


Link Services Interfaces Overview
Link Services Configuration Overview
Verifying the Link Services Interface
Understanding the Internal Interface LSQ-0/0/0 Configuration
Example: Upgrading from ls-0/0/0 to lsq-0/0/0 for Multilink Services
Troubleshooting the Link Services Interface


Juniper Networks devices support link services on the lsq-0/0/0 link services queuing interface, which
includes multilink services such as MLPPP, MLFR, and CRTP. The topics below give an overview of link
services and cover configuration details and verification of link services on SRX Series devices.


Link Services Interfaces Overview


IN THIS SECTION


Services Available on a Link Services Interface
Link Services Exceptions
Configuring Multiclass MLPPP
Queuing with LFI
Compressed Real-Time Transport Protocol Overview
Configuring Fragmentation by Forwarding Class
Configuring Link-Layer Overhead


Link services include the multilink services Multilink Point-to-Point Protocol (MLPPP), Multilink Frame
Relay (MLFR), and Compressed Real-Time Transport Protocol (CRTP). Juniper Networks devices support
link services on the lsq-0/0/0 link services queuing interface.


You configure the link services queuing interface (lsq-0/0/0) on a Juniper Networks device to support
multilink services and CRTP.


The link services queuing interface on SRX Series devices consists of services provided by the following
interfaces on the Juniper Networks M Series and T Series routing platforms: multilink services interface
(ml-fpc/pic/port), link services interface (ls-fpc/pic/port), and link services intelligent queuing interface
(lsq-fpc/pic/port). Although the multilink services, link services, and link services intelligent queuing (IQ)
interfaces on M Series and T Series routing platforms are installed on Physical Interface Cards (PICs), the
link services queuing interface on SRX Series devices is an internal interface only and is not associated
with a physical medium or Physical Interface Module (PIM).


NOTE: (ls-fpc/pic/port) is not supported on SRX Series devices.


This section contains the following topics. 


Services Available on a Link Services Interface 


The link services interface is a logical interface available by default. Table 29 on page 372 summarizes the
services available on the interface.


Table 29: Services Available on a Link Services Interface


Service: Multilink bundles by means of MLPPP and MLFR encapsulation
Purpose: Aggregates multiple constituent links into one larger logical bundle to provide additional
bandwidth, load balancing, and redundancy.
NOTE: Dynamic call admission control (DCAC) configurations are not supported on Link Services Interfaces.
More Information:
• Example: Configuring an MLPPP Bundle on page 419
• Example: Configuring Multilink Frame Relay FRF.15 on page 424
• Example: Configuring Multilink Frame Relay FRF.16 on page 428


Service: Link fragmentation and interleaving (LFI)
Purpose: Reduces delay and jitter on links by breaking up large data packets and interleaving
delay-sensitive voice packets with the resulting smaller packets.
More Information: “Understanding Link Fragmentation and Interleaving Configuration” on page 402


Service: Compressed Real-Time Transport Protocol (CRTP)
Purpose: Reduces the overhead caused by Real-Time Transport Protocol (RTP) on voice and video packets.
More Information: “Compressed Real-Time Transport Protocol Overview” on page 376


Service: Class-of-service (CoS) classifiers, forwarding classes, schedulers and scheduler maps, and
shaping rates
Purpose: Provides a higher priority to delay-sensitive packets by configuring CoS, such as the following:
• Classifiers—To classify different types of traffic, such as voice, data, and network control packets.
• Forwarding classes—To direct different types of traffic to different output queues.
• Fragmentation map—To define mapping between forwarding class and multilink class, and forwarding
  class and fragment threshold. In forwarding class and multilink class mapping, drop timeout can be
  configured.
• Schedulers and scheduler maps—To define properties for the output queues such as delay-buffer,
  transmission rate, and transmission priority.
• Shaping rate—To define certain bandwidth usage by an interface.
More Information:
• Example: Configuring Interface Shaping Rates on page 416
• Configuring Fragmentation by Forwarding Class on page 376


Link Services Exceptions


The link and multilink services implementation on SRX Series devices is similar to the implementation on
the M Series and T Series routing platforms, with the following exceptions:


• Support for link and multilink services is on the lsq-0/0/0 interface instead of the ml-fpc/pic/port,
  lsq-fpc/pic/port, and ls-fpc/pic/port interfaces.
• When LFI is enabled, fragmented packets are queued in a round-robin fashion on the constituent links
  to enable per-packet and per-fragment load balancing. See “Queuing with LFI” on page 375.
• Support for per-unit scheduling is on all types of constituent links (on all types of interfaces).
• Support for Compressed Real-Time Transport Protocol (CRTP) is for both MLPPP and PPP.


Configuring Multiclass MLPPP


For lsq-0/0/0 on a Juniper Networks device with MLPPP encapsulation, you can configure multiclass
MLPPP. If you do not configure multiclass MLPPP, fragments from different classes cannot be interleaved.
All fragments for a single packet must be sent before the fragments from another packet are sent.
Non-fragmented packets can be interleaved between fragments of another packet to reduce latency seen
by non-fragmented packets. In effect, latency-sensitive traffic is encapsulated as regular PPP traffic, and
bulk traffic is encapsulated as multilink traffic. This model works as long as there is a single class of
latency-sensitive traffic, and there is no high-priority traffic that takes precedence over latency-sensitive
traffic. This approach to LFI, used on the Link Services PIC, supports only two levels of traffic priority,
which is not sufficient to carry the four-to-eight forwarding classes that are supported by M Series and T
Series routing platforms.


Multiclass MLPPP makes it possible to have multiple classes of latency-sensitive traffic that are carried 
over a single multilink bundle with bulk traffic. In effect, multiclass MLPPP allows different classes of traffic 
to have different latency guarantees. With multiclass MLPPP, you can map each forwarding class into a 
separate multilink class, thus preserving priority and latency guarantees. 


NOTE: Configuring both LFI and multiclass MLPPP on the same bundle is not necessary, nor is
it supported, because multiclass MLPPP represents a superset of functionality. When you
configure multiclass MLPPP, LFI is automatically enabled.


The Junos OS PPP implementation does not support the negotiation of address field compression 
and protocol field compression PPP NCP options, which means that the software always sends 
a full 4-byte PPP header. 


The Junos OS implementation of multiclass MLPPP does not support compression of common 
header bytes. 


Multiclass MLPPP greatly simplifies packet ordering issues that occur when multiple links are used. Without
multiclass MLPPP, all voice traffic belonging to a single flow is hashed to a single link to avoid packet
ordering issues. With multiclass MLPPP, you can assign voice traffic to a high-priority class, and you can
use multiple links.


To configure multiclass MLPPP on a link services IQ interface, you must specify how many multilink classes
should be negotiated when a link joins the bundle, and you must specify the mapping of a forwarding class
into a multiclass MLPPP class.


To specify how many multilink classes should be negotiated when a link joins the bundle, include the 
multilink-max-classes statement: 


multilink-max-classes number; 


You can include this statement at the following hierarchy levels: 


• [edit interfaces interface-name unit logical-unit-number]
• [edit logical-routers logical-router-name interfaces interface-name unit logical-unit-number]


The number of multilink classes can be 1 through 8. The number of multilink classes for each forwarding 
class must not exceed the number of multilink classes to be negotiated. 


To specify the mapping of a forwarding class into a multiclass MLPPP class, include the multilink-class 
statement at the [edit class-of-service fragmentation-maps forwarding-class class-name] hierarchy level: 


[edit class-of-service fragmentation-maps forwarding-class class-name]
multilink-class number;


The multilink class index number can be 0 through 7. The multilink-class statement and the
no-fragmentation statement are mutually exclusive.


To view the number of multilink classes negotiated, issue the show interfaces lsq-0/0/0.logical-unit-number
detail command.


Queuing with LFI


LFI or non-LFI packets are placed into queues on constituent links based on the queues in which they
arrive. No changes in the queue number occur while the fragmented, non-fragmented, or LFI packets are
being queued.


For example, assume that queue Q0 is configured with fragmentation threshold 128, Q1 is configured
with no fragmentation, and Q2 is configured with fragmentation threshold 512. Q0 is receiving a stream of
traffic with packet size 512. Q1 is receiving voice traffic of 64 bytes, and Q2 is receiving a stream of traffic
with 128-byte packets. Next, the stream on Q0 gets fragmented and queued up into Q0 of a constituent
link. Also, all packets on Q2 are queued up on Q0 on the constituent link. The stream on Q1 is considered to
be LFI because no fragmentation is configured. All the packets from Q0 and Q2 are queued up on Q0 of the
constituent link. All the packets from Q1 are queued up on Q2 of the constituent link.


Using lsq-0/0/0, CRTP can be applied on LFI and non-LFI packets. There will be no changes in their queue
numbers because of CRTP.


Queuing on Q2s of Constituent Links 


When using class of service on a multilink bundle, all Q2 traffic from the multilink bundle is queued to Q2 
of constituent links based on a hash computed from the source address, destination address, and the IP 
protocol of the packet. If the IP payload is TCP or UDP traffic, the hash also includes the source port and 
destination port. As a result of this hash algorithm, all traffic belonging to one traffic flow is queued to Q2 
of one constituent link. This method of traffic delivery to the constituent link is applied at all times, including 
when the bundle has not been set up with LFI.


Compressed Real-Time Transport Protocol Overview


Real-Time Transport Protocol (RTP) can help achieve interoperability among different implementations of 
network audio and video applications. However, in some cases, the header, which includes the IP, UDP, 
and RTP headers, can be too large (around 40 bytes) on networks using low-speed lines such as dial-up 
modems. Compressed Real-Time Transport Protocol (CRTP) can be configured to reduce network overhead 
on low-speed links. CRTP replaces the IP, UDP, and RTP headers with a 2-byte context ID (CID), reducing 
the header overhead considerably. 


Figure 21 on page 376 shows how CRTP compresses the RTP header in a voice packet by reducing a 40-byte 
header to a 2-byte header. 


Figure 21: CRTP 


You can configure CRTP with MLPPP or PPP logical interface encapsulation on link services interfaces.
See “Example: Configuring an MLPPP Bundle” on page 419. 


Real-time and non-real-time data frames are carried together on lower-speed links without causing excessive 
delays to the real-time traffic. See “Understanding Link Fragmentation and Interleaving Configuration” on 
page 402. 


Configuring Fragmentation by Forwarding Class 


For lsq-0/0/0, you can specify fragmentation properties for specific forwarding classes. Traffic on each
forwarding class can be either multilink encapsulated (fragmented and sequenced) or non-encapsulated 
(hashed with no fragmentation). By default, traffic in all forwarding classes is multilink encapsulated. 


When you do not configure fragmentation properties for the queues on MLPPP interfaces, the fragmentation 
threshold you set at the [edit interfaces interface-name unit logical-unit-number fragment-threshold] 
hierarchy level is the fragmentation threshold for all forwarding classes within the MLPPP interface. For 
MLFR FRF.16 interfaces, the fragmentation threshold you set at the [edit interfaces interface-name 
mlfr-uni-nni-bundle-options fragment-threshold] hierarchy level is the fragmentation threshold for all 
forwarding classes within the MLFR FRF.16 interface. 


If you do not set a maximum fragment size anywhere in the configuration, packets are still fragmented if 
they exceed the smallest maximum transmission unit (MTU) or maximum received reconstructed unit 
(MRRU) of all the links in the bundle. A non-encapsulated flow uses only one link. If the flow exceeds a 
single link, then the forwarding class must be multilink encapsulated, unless the packet size exceeds the
MTU/MRRU. 


Even if you do not set a maximum fragment size anywhere in the configuration, you can configure the 
MRRU by including the mrru statement at the [edit interfaces lsq-0/0/0 unit logical-unit-number] or [edit
interfaces interface-name mlfr-uni-nni-bundle-options] hierarchy level. The MRRU is similar to the MTU, 
but is specific to link services interfaces. By default the MRRU size is 1504 bytes, and you can configure 
it to be from 1500 through 4500 bytes. 


To configure fragmentation properties on a queue, include the fragmentation-maps statement at the [edit 
class-of-service] hierarchy level: 


[edit class-of-service]
fragmentation-maps {
    map-name {
        forwarding-class class-name {
            fragment-threshold bytes;
            multilink-class number;
            no-fragmentation;
        }
    }
}


To set a per-forwarding class fragmentation threshold, include the fragment-threshold statement in the 
fragmentation map. This statement sets the maximum size of each multilink fragment. 


To set traffic on a queue to be non-encapsulated rather than multilink encapsulated, include the 
no-fragmentation statement in the fragmentation map. This statement specifies that an extra fragmentation 
header is not prepended to the packets received on this queue and that static link load balancing is used 
to ensure in-order packet delivery. 


For a given forwarding class, you can include either the fragment-threshold or no-fragmentation statement; 
they are mutually exclusive. 


You use the multilink-class statement to map a forwarding class into a multiclass MLPPP. For a given 
forwarding class, you can include either the multilink-class or no-fragmentation statement; they are 
mutually exclusive. 


To associate a fragmentation map with a multilink PPP interface or MLFR FRF.16 DLCI, include the 
fragmentation-map statement at the [edit class-of-service interfaces interface-name unit 
logical-unit-number] hierarchy level: 


[edit class-of-service interfaces]
lsq-0/0/0 {
    unit logical-unit-number { # Multilink PPP
        fragmentation-map map-name;
    }
}
lsq-0/0/0:channel { # MLFR FRF.16
    unit logical-unit-number {
        fragmentation-map map-name;
    }
}


Configuring Link-Layer Overhead 


Link-layer overhead can cause packet drops on constituent links because of bit stuffing on serial links. Bit 
stuffing is used to prevent data from being interpreted as control information. 


By default, 4 percent of the total bundle bandwidth is set aside for link-layer overhead. In most network 
environments, the average link-layer overhead is 1.6 percent. Therefore, we recommend 4 percent as a 
safeguard. 


For lsq-0/0/0 on a Juniper Networks device, you can configure the percentage of bundle bandwidth to be
set aside for link-layer overhead. To do this, include the link-layer-overhead statement:


link-layer-overhead percent; 


You can include this statement at the following hierarchy levels: 


• [edit interfaces interface-name mlfr-uni-nni-bundle-options]
• [edit interfaces interface-name unit logical-unit-number]
• [edit logical-routers logical-router-name interfaces interface-name unit logical-unit-number]


You can configure the value to be from 0 percent through 50 percent.
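

The constraints stated in “Configuring Multiclass MLPPP”, “Configuring Fragmentation by Forwarding Class”, and “Configuring Link-Layer Overhead” can be checked before commit. The following is an added example (not Juniper code and not part of the original manual) that lints a configuration in set format. The sample configuration and its names (FM1, VOICE, DATA) are constructed, and reading “must not exceed the number of multilink classes to be negotiated” as “class index must be lower than multilink-max-classes” is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "set" format; FM1, VOICE and DATA are made-up names.
SAMPLE_CONFIG = """\
set interfaces lsq-0/0/0 unit 0 multilink-max-classes 4
set interfaces lsq-0/0/0 unit 0 mrru 1400
set interfaces lsq-0/0/0 unit 0 link-layer-overhead 4
set class-of-service interfaces lsq-0/0/0 unit 0 fragmentation-map FM1
set class-of-service fragmentation-maps FM1 forwarding-class VOICE multilink-class 5
set class-of-service fragmentation-maps FM1 forwarding-class VOICE no-fragmentation
set class-of-service fragmentation-maps FM1 forwarding-class DATA fragment-threshold 128
set class-of-service fragmentation-maps FM1 forwarding-class DATA multilink-class 1
"""

UNIT_RE = re.compile(
    r"^set interfaces (\S+) unit (\d+) "
    r"(multilink-max-classes|mrru|link-layer-overhead) (\d+(?:\.\d+)?)$")
BIND_RE = re.compile(
    r"^set class-of-service interfaces (\S+) unit (\d+) fragmentation-map (\S+)$")
MAP_RE = re.compile(
    r"^set class-of-service fragmentation-maps (\S+) forwarding-class (\S+) "
    r"(?:(fragment-threshold|multilink-class) (\d+)|(no-fragmentation))$")

# Value ranges stated on the page.
RANGES = {"multilink-max-classes": (1, 8), "mrru": (1500, 4500),
          "link-layer-overhead": (0, 50)}


def parse(config):
    """Collect per-unit statements and per-forwarding-class map statements."""
    units = defaultdict(dict)                      # (interface, unit) -> statements
    maps = defaultdict(lambda: defaultdict(dict))  # map -> forwarding class -> statements
    for raw in config.splitlines():
        line = " ".join(raw.split())
        m = UNIT_RE.match(line)
        if m:
            units[(m[1], m[2])][m[3]] = float(m[4])
            continue
        m = BIND_RE.match(line)
        if m:
            units[(m[1], m[2])]["fragmentation-map"] = m[3]
            continue
        m = MAP_RE.match(line)
        if m:
            if m[5]:
                maps[m[1]][m[2]]["no-fragmentation"] = True
            else:
                maps[m[1]][m[2]][m[3]] = int(m[4])
    return units, maps


def lint(config):
    """Return a list of findings; an empty list means no rule was violated."""
    units, maps = parse(config)
    findings = []
    for map_name, classes in maps.items():
        for fc, st in classes.items():
            where = f"fragmentation-maps {map_name} forwarding-class {fc}"
            if "no-fragmentation" in st:
                for other in ("fragment-threshold", "multilink-class"):
                    if other in st:
                        findings.append(
                            f"{where}: {other} and no-fragmentation are mutually exclusive")
            mc = st.get("multilink-class")
            if mc is not None and not 0 <= mc <= 7:
                findings.append(f"{where}: multilink-class {mc} outside 0-7")
    for (ifname, unit), st in units.items():
        where = f"{ifname} unit {unit}"
        for name, (lo, hi) in RANGES.items():
            if name in st and not lo <= st[name] <= hi:
                findings.append(f"{where}: {name} {st[name]:g} outside {lo}-{hi}")
        bound = st.get("fragmentation-map")
        if bound is None:
            continue
        if bound not in maps:
            findings.append(f"{where}: fragmentation-map {bound} is not defined")
            continue
        used = [s["multilink-class"] for s in maps[bound].values() if "multilink-class" in s]
        if not used:
            continue
        negotiated = st.get("multilink-max-classes")
        if negotiated is None:
            findings.append(f"{where}: map {bound} uses multilink-class "
                            "but multilink-max-classes is not set")
        elif max(used) >= negotiated:  # assumption: index must be below the count
            findings.append(f"{where}: multilink-class {max(used)} does not fit in "
                            f"{negotiated:g} negotiated classes")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(finding)
```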


Link Services Configuration Overview 


Before you begin: 


• Install device hardware.
• Establish basic connectivity. See the Getting Started Guide for your device.
• Have a basic understanding of physical and logical interfaces and Juniper Networks interface conventions.
  See “Understanding Interfaces” on page 29.
• Plan how you are going to use the link services interface on your network. See “Link Services Interfaces
  Overview” on page 371.


To configure link services on an interface, perform the following tasks: 


1. Configure link fragmentation and interleaving (LFI). See “Example: Configuring Link Fragmentation and
   Interleaving” on page 403.
2. Configure classifiers and forwarding classes. See “Example: Defining Classifiers and Forwarding Classes”
   on page 406.
3. Configure scheduler maps. See “Understanding How to Define and Apply Scheduler Maps” on page 410.
4. Configure interface shaping rates. See “Example: Configuring Interface Shaping Rates” on page 416.
5. Configure an MLPPP bundle. See “Example: Configuring an MLPPP Bundle” on page 419.
6. To configure MLFR, see “Example: Configuring Multilink Frame Relay FRF.15” on page 424 or “Example:
   Configuring Multilink Frame Relay FRF.16” on page 428.
7. To configure CRTP, see “Example: Configuring the Compressed Real-Time Transport Protocol” on
   page 434.


Verifying the Link Services Interface


IN THIS SECTION


Verifying Link Services Interface Statistics | 380
Verifying Link Services CoS Configuration | 382


Confirm that the configuration is working properly. 


Verifying Link Services Interface Statistics 


Purpose 


Verify the link services interface statistics. 


Action 

The sample output provided in this section is based on the configurations provided in “Example: Configuring 
an MLPPP Bundle” on page 419. To verify that the constituent links are added to the bundle correctly and 
the packets are fragmented and transmitted correctly, take the following actions: 


1. On device R0 and device R1, the two devices used in this example, configure MLPPP and LFI as described
   in “Example: Configuring an MLPPP Bundle” on page 419.

2. From the CLI, enter the ping command to verify that a connection is established between R0 and R1.

3. Transmit 10 data packets, 200 bytes each, from R0 to R1.

4. On R0, from the CLI, enter the show interfaces interface-name statistics command.


user@R0> show interfaces lsq-0/0/0 statistics detail





Physical interface: lsq-0/0/0, Enabled, Physical link is Up
  Interface index: 134, SNMP ifIndex: 29, Generation: 135
  Link-level type: LinkService, MTU: 1504
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps
  Last flapped   : 2006-06-23 11:36:23 PDT (03:38:43 ago)
  Statistics last cleared: 2006-06-23 15:13:12 PDT (00:01:54 ago)
  Traffic statistics:
   Input  bytes  :                    0                    0 bps
   Output bytes  :                 1820                    0 bps
   Input  packets:                    0                    0 pps
   Output packets:                   10                    0 pps
  Egress queues: 8 supported, 8 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    0 DATA                          10                   10                    0
    1 expedited-fo                   0                    0                    0
    2 VOICE                          0                    0                    0
    3 NC                             0                    0                    0

  Logical interface lsq-0/0/0.0 (Index 67) (SNMP ifIndex 41) (Generation 133)
    Flags: Point-To-Point SNMP-Traps 0x4000 Encapsulation: Multilink-PPP
    Bandwidth: 16mbps
    Bundle options:
      Drop timer period               0
      Sequence number format          long (24 bits)
      Fragmentation threshold         128
      Links needed to sustain bundle  1
      Interleave fragments            Enabled
    Bundle errors:
      Packet drops                    0 (0 bytes)
      Fragment drops                  0 (0 bytes)
    Statistics         Frames        fps         Bytes          bps
    Bundle:
      Fragments:
        Input :             0          0             0            0
        Output:            20          0          1920            0
      Packets:
        Input :             0          0             0            0
        Output:            10          0          1820            0
    Link:
      se-1/0/0.0
        Input :             0          0             0            0
        Output:            10          0          1320            0
      se-1/0/1.0
        Input :             0          0             0            0
        Output:            10          0           600            0
        Destination: 10.0.0.9/24, Local: 10.0.0.10, Broadcast: Unspecified, Generation:144


This output shows a summary of interface information. Verify the following information: 


• Physical interface—The physical interface is Enabled. If the interface is shown as Disabled, do either of
  the following:
  • In the CLI configuration editor, delete the disable statement at the [edit interfaces interface-name]
    level of the configuration hierarchy.
  • In the J-Web configuration editor, clear the Disable check box on the Interfaces>interface-name page.

• Physical link—The physical link is Up. A link state of Down indicates a problem with the interface module,
  interface port, or physical connection (link-layer errors).

• Last flapped—The Last Flapped time is an expected value. The Last Flapped time indicates the last time
  the physical interface became unavailable and then available again. Unexpected flapping indicates likely
  link-layer errors.

• Traffic statistics—Number and rate of bytes and packets received and transmitted on the interface.
  Verify that the number of inbound and outbound bytes and packets match the expected throughput for
  the physical interface. To clear the statistics and see only new changes, use the clear interfaces statistics
  interface-name command.

• Queue counters—Name and number of queues are as configured. This sample output shows that 10
  data packets were transmitted and no packets were dropped.

• Logical interface—Name of the multilink bundle you configured—lsq-0/0/0.0.

• Bundle options—Fragmentation threshold is correctly configured, and fragment interleaving is enabled.

• Bundle errors—Any packets and fragments dropped by the bundle.

• Statistics—The fragments and packets are received and transmitted correctly by the device. All references
  to traffic direction (input or output) are defined with respect to the device. Input fragments received by
  the device are assembled into input packets. Output packets are segmented into output fragments for
  transmission out of the device.

  In this example, 10 data packets of 200 bytes were transmitted. Because the fragmentation threshold
  is set to 128 bytes, all data packets were fragmented into two fragments. The sample output shows that
  10 packets and 20 fragments were transmitted correctly.

• Link—The constituent links are added to this bundle and are receiving and transmitting fragments and
  packets correctly. The combined number of fragments transmitted on the constituent links must be
  equal to the number of fragments transmitted from the bundle. This sample output shows that the bundle
  transmitted 20 fragments and the two constituent links se-1/0/0.0 and se-1/0/1.0 correctly transmitted
  10+10=20 fragments.

• Destination and Local—IP address of the remote side of the multilink bundle and the local side of the
  multilink bundle. This sample output shows that the destination address is the address on R1 and the
  local address is the address on R0.


Verifying Link Services CoS Configuration 


Purpose 


Verify CoS configurations on the link services interface. 


Action 


From the CLI, enter the following commands: 
• show class-of-service interface interface-name
• show class-of-service classifier name classifier-name
• show class-of-service scheduler-map scheduler-map-name

The sample output provided in this section is based on the configurations provided in “Example: Configuring
an MLPPP Bundle” on page 419.


user@R0> show class-of-service interface lsq-0/0/0


Physical interface: lsq-0/0/0, Index: 136
Queues supported: 8, Queues in use: 4
  Scheduler map: [default], Index: 2
  Input scheduler map: [default], Index: 3
  Chassis scheduler map: [default-chassis], Index: 4

  Logical interface: lsq-0/0/0.0, Index: 69
    Object          Name                   Type      Index
    Scheduler-map   s_map                  Output    16206
    Classifier      ipprec-compatibility   ip           12


user@R0> show class-of-service interface ge-0/0/1

Physical interface: ge-0/0/1, Index: 140
Queues supported: 8, Queues in use: 4
  Scheduler map: [default], Index: 2
  Input scheduler map: [default], Index: 3

  Logical interface: ge-0/0/1.0, Index: 68
    Object          Name                   Type      Index
    Classifier      classfy_input          ip         4330


user@R0> show class-of-service classifier name classify_input

Classifier: classfy_input, Code point type: inet-precedence, Index: 4330
  Code point    Forwarding class    Loss priority
  000           DATA                low
  010           VOICE               low


user@R0> show class-of-service scheduler-map s_map

Scheduler map: s_map, Index: 16206

  Scheduler: DATA, Forwarding class: DATA, Index: 3810
    Transmit rate: 49 percent, Rate Limit: none, Buffer size: 49 percent, Priority:low
    Drop profiles:
      Loss priority   Protocol   Index   Name
      Low             any            1   [default-drop-profile]
      Medium low      any            1   [default-drop-profile]
      Medium high     any            1   [default-drop-profile]
      High            any            1   [default-drop-profile]

  Scheduler: VOICE, Forwarding class: VOICE, Index: 43363
    Transmit rate: 50 percent, Rate Limit: none, Buffer size: 5 percent, Priority:high
    Drop profiles:
      Loss priority   Protocol   Index   Name
      Low             any            1   [default-drop-profile]
      Medium low      any            1   [default-drop-profile]
      Medium high     any            1   [default-drop-profile]
      High            any            1   [default-drop-profile]

  Scheduler: NC, Forwarding class: NC, Index: 2435
    Transmit rate: 1 percent, Rate Limit: none, Buffer size: 1 percent, Priority:high
    Drop profiles:
      Loss priority   Protocol   Index   Name
      Low             any            1   [default-drop-profile]
      Medium low      any            1   [default-drop-profile]
      Medium high     any            1   [default-drop-profile]
      High            any            1   [default-drop-profile]





These output examples show a summary of configured CoS components. Verify the following information: 
• Logical Interface—Name of the multilink bundle and the CoS components applied to the bundle. The
  sample output shows that the multilink bundle is lsq-0/0/0.0, and the CoS scheduler-map s_map is
  applied to it.

• Classifier—Code points, forwarding classes, and loss priorities assigned to the classifier. The sample
  output shows that a default classifier, ipprec-compatibility, was applied to the lsq-0/0/0 interface and
  the classifier classify_input was applied to the ge-0/0/1 interface.

• Scheduler—Transmit rate, buffer size, priority, and loss priority assigned to each scheduler. The sample
  output displays the data, voice, and network control schedulers with all the configured values.


Understanding the Internal Interface LSQ-0/0/0 Configuration 


The link services interface is an internal interface only. It is not associated with a physical medium or PIM. 
Within an SRX Series device, packets are routed to this interface for link bundling or compression. 


You might need to upgrade your configuration to use the internal interface lsq-0/0/0 as the link
services queuing interface instead of ls-0/0/0, which has been deprecated. You can also roll back your
modified configuration to use ls-0/0/0.


Example: Upgrading from ls-0/0/0 to lsq-0/0/0 for Multilink Services


IN THIS SECTION 


Requirements | 385 
Overview | 386 
Configuration | 386 


Verification | 389 


This example shows how to upgrade from ls-0/0/0 to lsq-0/0/0 (or to reverse the change) for multilink
services.


Requirements


This procedure is only necessary if you are still using ls-0/0/0 instead of lsq-0/0/0 or if you need to revert
to the old interface.


Overview


In this example, you rename the link services internal interface from ls-0/0/0 to lsq-0/0/0 or vice versa.
You rename all occurrences of ls-0/0/0 in the configuration to lsq-0/0/0 and configure the fragmentation
map by adding no fragmentation. You specify no fragmentation after the name of queue 2, if queue 2 is
configured, or after assured forwarding. You then attach the fragmentation map configured in the preceding
step to lsq-0/0/0 and specify the unit number as 6 of the multilink bundle for which interleave fragments
is configured.


Then you roll back the configuration from lsq-0/0/0 to ls-0/0/0. You rename all occurrences in the
configuration from lsq-0/0/0 to ls-0/0/0. You delete the fragmentation map if it is configured under the
[class-of-service] hierarchy and delete the fragmentation map if it is assigned to lsq-0/0/0. You can delete
multilink-max-classes if it is configured for lsq-0/0/0 under the [interfaces] hierarchy. You then delete
link-layer-overhead if it is configured for lsq-0/0/0 under the [interfaces] hierarchy.


If no fragmentation is configured on any forwarding class and the fragmentation map is assigned to
lsq-0/0/0, then you configure interleave fragments for the ls-0/0/0 interface. Finally, you configure the
classifier for LFI packets to refer to queue 2. (The ls-0/0/0 interface treats queue 2 as the LFI queue.)


Configuration 


CLI Quick Configuration 


To quickly upgrade from ls-0/0/0 to lsq-0/0/0 (or reverse the change), copy the following commands and
paste them into the CLI:


For interfaces ls-0/0/0 to lsq-0/0/0

[edit]
rename interfaces ls-0/0/0 to lsq-0/0/0
set class-of-service fragmentation-maps map6 forwarding-class assured-forwarding no-fragmentation
set class-of-service interfaces lsq-0/0/0 unit 6 fragmentation-map map6


For interfaces lsq-0/0/0 to ls-0/0/0

[edit]
rename interfaces lsq-0/0/0 to ls-0/0/0
delete class-of-service fragmentation-maps map6
delete class-of-service interfaces lsq-0/0/0 unit 6 fragmentation-map map6
delete interfaces lsq-0/0/0 unit 6 link-layer-overhead
delete interfaces lsq-0/0/0:0 mlfr-uni-nni-bundle-options link-layer-overhead
set interfaces ls-0/0/0 unit 6 interleave-fragments


Step-by-Step Procedure 
The following example requires you to navigate various levels in the configuration hierarchy. For instructions
on how to do that, see Using the CLI Editor in Configuration Mode.


To upgrade from ls-0/0/0 to lsq-0/0/0 or to reverse that change:


1. Rename all the occurrences of ls-0/0/0 in the configuration.

   [edit]
   user@host# rename interfaces ls-0/0/0 to lsq-0/0/0

2. Configure the fragmentation map.

   [edit class-of-service fragmentation-maps]
   user@host# set map6 forwarding-class assured-forwarding no-fragmentation

3. Specify the unit number of the multilink bundle.

   [edit class-of-service]
   user@host# set interfaces lsq-0/0/0 unit 6 fragmentation-map map6

4. Roll back the configuration for all occurrences in the configuration.

   [edit]
   user@host# rename interfaces lsq-0/0/0 to ls-0/0/0

5. Delete fragmentation map under class of service.

   [edit]
   user@host# delete class-of-service fragmentation-maps map6

6. Delete fragmentation map if it is assigned to the lsq-0/0/0 interface.

   [edit class-of-service interfaces]
   user@host# delete lsq-0/0/0 unit 6 fragmentation-map map6

7. Delete multilink max classes if it is configured for lsq-0/0/0.

   NOTE: Multilink-max-classes is not supported and is most likely not configured.

8. Delete link-layer-overhead if it is configured for lsq-0/0/0.

   [edit interfaces]
   user@host# delete lsq-0/0/0 unit 6 link-layer-overhead

9. Delete link-layer-overhead if it is configured for lsq-0/0/0:0.

   [edit interfaces]
   user@host# delete lsq-0/0/0:0 mlfr-uni-nni-bundle-options link-layer-overhead

10. Configure interleave fragments for the ls-0/0/0 interface.

   [edit interfaces]
   user@host# set ls-0/0/0 unit 6 interleave-fragments


Results 


From configuration mode, confirm your configuration by entering the show class-of-service command. If 
the output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


[edit]
user@host# show class-of-service
interfaces {
    lsq-0/0/0 {
        unit 6 {
            fragmentation-map map6;
        }
    }
}
fragmentation-maps {
    map6 {
        forwarding-class {
            assured-forwarding {
                no-fragmentation;
            }
        }
    }
}


If you are done configuring the device, enter commit from configuration mode.


Verification 
Confirm that the configuration is working properly. 
Verifying Link Services Internal Interface ls-0/0/0 to lsq-0/0/0


Purpose
Verify the link services internal interface ls-0/0/0 changed to lsq-0/0/0.


Action 


From operational mode, enter the show class-of-service command. 


Troubleshooting the Link Services Interface


IN THIS SECTION


Determine Which CoS Components Are Applied to the Constituent Links | 389
Determine What Causes Jitter and Latency on the Multilink Bundle | 392
Determine If LFI and Load Balancing Are Working Correctly | 393
Determine Why Packets Are Dropped on a PVC Between a Juniper Networks Device and a Third-Party
Device | 401


To solve configuration problems on a link services interface: 


Determine Which CoS Components Are Applied to the Constituent Links 


Problem 

Description: You are configuring a multilink bundle, but you also have traffic without MLPPP encapsulation 
passing through constituent links of the multilink bundle. Do you apply all CoS components to the 
constituent links, or is applying them to the multilink bundle enough? 


Solution 
You can apply a scheduler map to the multilink bundle and its constituent links. Although you can apply
several CoS components with the scheduler map, configure only the ones that are required. We recommend 
that you keep the configuration on the constituent links simple to avoid unnecessary delay in transmission. 


Table 30 on page 390 shows the CoS components to be applied on a multilink bundle and its constituent 
links. 


Table 30: CoS Components Applied on Multilink Bundles and Constituent Links

CoS Component | Multilink Bundle | Constituent Links | Explanation

Classifier | Yes | No | CoS classification takes place on the incoming side of the interface, not on the
transmitting side, so no classifiers are needed on constituent links.

Forwarding class | Yes | No | Forwarding class is associated with a queue, and the queue is applied to the
interface by a scheduler map. The queue assignment is predetermined on the constituent links. All packets
from Q2 of the multilink bundle are assigned to Q2 of the constituent link, and packets from all the other
queues are queued to Q0 of the constituent link.

Scheduler map | Yes | Yes | Apply scheduler maps on the multilink bundle and the constituent link as
follows:
  • Transmit rate—Make sure that the relative order of the transmit rate configured on Q0 and Q2 is
    the same on the constituent links as on the multilink bundle.
  • Scheduler priority—Make sure that the relative order of the scheduler priority configured on Q0
    and Q2 is the same on the constituent links as on the multilink bundle.
  • Buffer size—Because all non-LFI packets from the multilink bundle transit on Q0 of the constituent
    links, make sure that the buffer size on Q0 of the constituent links is large enough.
  • RED drop profile—Configure a RED drop profile on the multilink bundle only. Configuring the RED
    drop profile on the constituent links applies a back pressure mechanism that changes the buffer size
    and introduces variation. Because this behavior might cause fragment drops on the constituent
    links, make sure to leave the RED drop profile at the default settings on the constituent links.

Shaping rate for a per-unit scheduler or an interface-level scheduler | No | Yes | Because per-unit
scheduling is applied only at the end point, apply this shaping rate to the constituent links only. Any
configuration applied earlier is overwritten by the constituent link configuration.

Transmit-rate exact or queue-level shaping | Yes | No | The interface-level shaping applied on the
constituent links overrides any shaping on the queue. Thus apply transmit-rate exact shaping on the
multilink bundle only.

Rewrite rules | Yes | No | Rewrite bits are copied from the packet into the fragments automatically during
fragmentation. Thus what you configure on the multilink bundle is carried on the fragments to the
constituent links.

Virtual channel group | Yes | No | Virtual channel groups are identified through firewall filter rules that
are applied on packets only before the multilink bundle. Thus you do not need to apply the virtual channel
group configuration to the constituent links.


SEE ALSO 


See the Junos OS Class of Service Configuration Guide for Security Devices 


Determine What Causes Jitter and Latency on the Multilink Bundle 


Problem 

Description: To test jitter and latency, you send three streams of IP packets. All packets have the same IP
precedence settings. After configuring LFI and CRTP, the latency increased even over a noncongested
link. How can you reduce jitter and latency?


Solution 


To reduce jitter and latency, do the following: 


1. Make sure that you have configured a shaping rate on each constituent link. 


2. Make sure that you have not configured a shaping rate on the link services interface. 


3. Make sure that the configured shaping rate value is equal to the physical interface bandwidth. 


4. If shaping rates are configured correctly, and jitter still persists, contact the Juniper Networks Technical
Assistance Center (JTAC).


SEE ALSO 


RPM Overview 


Determine If LFI and Load Balancing Are Working Correctly


Problem 

Description: In this case, you have a single network that supports multiple services. The network transmits
data and delay-sensitive voice traffic. After configuring MLPPP and LFI, make sure that voice packets are
transmitted across the network with very little delay and jitter. How can you find out if voice packets are
being treated as LFI packets and load balancing is performed correctly?


Solution


When LFI is enabled, data (non-LFI) packets are encapsulated with an MLPPP header and fragmented to
packets of a specified size. The delay-sensitive, voice (LFI) packets are PPP-encapsulated and interleaved
between data packet fragments. Queuing and load balancing are performed differently for LFI and non-LFI
packets.


To verify that LFI is performed correctly, determine that packets are fragmented and encapsulated as
configured. After you know whether a packet is treated as an LFI packet or a non-LFI packet, you can
confirm whether the load balancing is performed correctly.


Solution Scenario—Suppose two Juniper Networks devices, R0 and R1, are connected by a multilink bundle
lsq-0/0/0.0 that aggregates two serial links, se-1/0/0 and se-1/0/1. On R0 and R1, MLPPP and LFI are
enabled on the link services interface and the fragmentation threshold is set to 128 bytes.


In this example, we used a packet generator to generate voice and data streams. You can use the packet 
capture feature to capture and analyze the packets on the incoming interface. 


The following two data streams were sent on the multilink bundle:

• 100 data packets of 200 bytes (larger than the fragmentation threshold)
• 500 data packets of 60 bytes (smaller than the fragmentation threshold)

The following two voice streams were sent on the multilink bundle:

• 100 voice packets of 200 bytes from source port 100
• 300 voice packets of 200 bytes from source port 200

To confirm that LFI and load balancing are performed correctly:


NOTE: Only the significant portions of command output are displayed and described in this
example.


1. Verify packet fragmentation. From operational mode, enter the show interfaces lsq-0/0/0 command
to check that large packets are fragmented correctly.


user@R0> show interfaces lsq-0/0/0


Physical interface: lsq-0/0/0, Enabled, Physical link is Up
  Interface index: 136, SNMP ifIndex: 29
  Link-level type: LinkService, MTU: 1504
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps
  Last flapped   : 2006-08-01 10:45:13 PDT (2w0d 06:06 ago)
  Input rate     : 0 bps (0 pps)
  Output rate    : 0 bps (0 pps)

  Logical interface lsq-0/0/0.0 (Index 69) (SNMP ifIndex 42)
    Flags: Point-To-Point SNMP-Traps 0x4000 Encapsulation: Multilink-PPP
    Bandwidth: 16mbps
    Statistics         Frames        fps         Bytes          bps
    Bundle:
      Fragments:
        Input :             0          0             0            0
        Output:          1100          0        118800            0
      Packets:
        Input :             0          0             0            0
        Output:          1000          0        112000            0
    Protocol inet, MTU: 1500
      Flags: None
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 9.9.9/24, Local: 9.9.9.10


Meaning—The output shows a summary of packets transiting the device on the multilink bundle. Verify
the following information on the multilink bundle:

• The total number of transiting packets = 1000
• The total number of transiting fragments = 1100
• The number of data packets that were fragmented = 100

The total number of packets sent (600 + 400) on the multilink bundle match the number of transiting
packets (1000), indicating that no packets were dropped.

The number of transiting fragments exceeds the number of transiting packets by 100, indicating that
100 large data packets were correctly fragmented.

Corrective Action—If the packets are not fragmented correctly, check your fragmentation threshold
configuration. Packets smaller than the specified fragmentation threshold are not fragmented.
2. Verify packet encapsulation. To find out whether a packet is treated as an LFI or non-LFI packet,
determine its encapsulation type. LFI packets are PPP encapsulated, and non-LFI packets are
encapsulated with both PPP and MLPPP. PPP and MLPPP encapsulations have different overheads
resulting in different-sized packets. You can compare packet sizes to determine the encapsulation type.

A small unfragmented data packet contains a PPP header and a single MLPPP header. In a large
fragmented data packet, the first fragment contains a PPP header and an MLPPP header, but the
consecutive fragments contain only an MLPPP header.

PPP and MLPPP encapsulations add the following number of bytes to a packet:

• PPP encapsulation adds 7 bytes:
  4 bytes of header+2 bytes of frame check sequence (FCS)+1 byte that is idle or contains a flag
• MLPPP encapsulation adds between 6 and 8 bytes:
  4 bytes of PPP header+2 to 4 bytes of multilink header

Figure 22 on page 396 shows the overhead added to PPP and MLPPP headers.


Figure 22: PPP and MLPPP Headers

[Figure: PPP header per packet and MLPPP header per fragment (with long sequence numbers), drawn as
1-byte fields that include Protocol, Data, and Idle/Flag.]


For CRTP packets, the encapsulation overhead and packet size are even smaller than for an LFI packet. 
For more information, see Example: Configuring the Compressed Real-Time Transport Protocol. 


Table 31 on page 396 shows the encapsulation overhead for a data packet and a voice packet of 70 
bytes each. After encapsulation, the size of the data packet is larger than the size of the voice packet. 


Table 31: PPP and MLPPP Encapsulation Overhead

Packet Type | Encapsulation | Initial Packet Size | Encapsulation Overhead | Packet Size after Encapsulation
Voice packet (LFI) | PPP | 70 bytes | 4+2+1=7 bytes | 77 bytes
Data fragment (non-LFI) with short sequence | MLPPP | 70 bytes | 4+2+1+4+2=13 bytes | 83 bytes
Data fragment (non-LFI) with long sequence | MLPPP | 70 bytes | 4+2+1+4+4=15 bytes | 85 bytes

From operational mode, enter the show interfaces queue command to display the size of transmitted
packets on each queue. Divide the number of bytes transmitted by the number of packets to obtain the
size of the packets and determine the encapsulation type.


3. Verify load balancing. From operational mode, enter the show interfaces queue command on the
multilink bundle and its constituent links to confirm whether load balancing is performed accordingly
on the packets.


user@R0> show interfaces queue lsq-0/0/0

Physical interface: lsq-0/0/0, Enabled, Physical link is Up
  Interface index: 136, SNMP ifIndex: 29
Forwarding classes: 8 supported, 8 in use
Egress queues: 8 supported, 8 in use
Queue: 0, Forwarding classes: DATA
  Queued:
    Packets              :                   600                     0 pps
    Bytes                :                 44800                     0 bps
  Transmitted:
    Packets              :                   600                     0 pps
    Bytes                :                 44800                     0 bps
    Tail-dropped packets :                     0                     0 pps
    RED-dropped packets  :                     0                     0 pps
Queue: 1, Forwarding classes: expedited-forwarding
  Queued:
    Packets              :                     0                     0 pps
    Bytes                :                     0                     0 bps
Queue: 2, Forwarding classes: VOICE
  Queued:
    Packets              :                   400                     0 pps
    Bytes                :                 61344                     0 bps
  Transmitted:
    Packets              :                   400                     0 pps
    Bytes                :                 61344                     0 bps
Queue: 3, Forwarding classes: NC
  Queued:
    Packets              :                     0                     0 pps
    Bytes                :                     0                     0 bps


user@R0> show interfaces queue se-1/0/0

Physical interface: se-1/0/0, Enabled, Physical link is Up
  Interface index: 141, SNMP ifIndex:
Forwarding classes: 8 supported, 8 in use
Egress queues: 8 supported, 8 in use
Queue: 0, Forwarding classes: DATA
  Queued:
    Packets              :                   350                     0 pps
    Bytes                :                 24350                     0 bps
  Transmitted:
    Packets              :                   350                     0 pps
    Bytes                :                 24350                     0 bps
Queue: 1, Forwarding classes: expedited-forwarding
  Queued:
    Packets              :                     0                     0 pps
    Bytes                :                     0                     0 bps
Queue: 2, Forwarding classes: VOICE
  Queued:
    Packets              :                   100                     0 pps
    Bytes                :                 15272                     0 bps
  Transmitted:
    Packets              :                   100                     0 pps
    Bytes                :                 15272                     0 bps
Queue: 3, Forwarding classes: NC
  Queued:
    Packets              :                    19                     0 pps
    Bytes                :                   247                     0 bps
  Transmitted:
    Packets              :                    19                     0 pps
    Bytes                :                   247                     0 bps


user@R0> show interfaces queue se-1/0/1

Physical interface: se-1/0/1, Enabled, Physical link is Up
  Interface index: 142, SNMP ifIndex: 38
Forwarding classes: 8 supported, 8 in use
Egress queues: 8 supported, 8 in use
Queue: 0, Forwarding classes: DATA
  Queued:
    Packets              :                   350                     0 pps
    Bytes                :                 24350                     0 bps
  Transmitted:
    Packets              :                   350                     0 pps
    Bytes                :                 24350                     0 bps
Queue: 1, Forwarding classes: expedited-forwarding
  Queued:
    Packets              :                     0                     0 pps
    Bytes                :                     0                     0 bps
Queue: 2, Forwarding classes: VOICE
  Queued:
    Packets              :                   300                     0 pps
    Bytes                :                 45672                     0 bps
  Transmitted:
    Packets              :                   300                     0 pps
    Bytes                :                 45672                     0 bps
Queue: 3, Forwarding classes: NC
  Queued:
    Packets              :                    18                     0 pps
    Bytes                :                   234                     0 bps
  Transmitted:
    Packets              :                    18                     0 pps
    Bytes                :                   234                     0 bps


Meaning—The output from these commands shows the packets transmitted and queued on each queue
of the link services interface and its constituent links. Table 32 on page 400 shows a summary of these
values. (Because the number of transmitted packets equaled the number of queued packets on all the
links, this table shows only the queued packets.)


Table 32: Number of Packets Transmitted on a Queue

Packets Queued | Bundle lsq-0/0/0.0 | Constituent Link se-1/0/0 | Constituent Link se-1/0/1 | Explanation

Packets on Q0 | 600 | 350 | 350 | The total number of packets transiting the constituent links
(350+350 = 700) exceeded the number of packets queued (600) on the multilink bundle.

Packets on Q2 | 400 | 100 | 300 | The total number of packets transiting the constituent links
equaled the number of packets on the bundle.

Packets on Q3 | 0 | 19 | 18 | The packets transiting Q3 of the constituent links are for keepalive
messages exchanged between constituent links. Thus no packets were counted on Q3 of the bundle.

On the multilink bundle, verify the following: 


• The number of packets queued matches the number transmitted. If the numbers match, no packets
were dropped. If more packets were queued than were transmitted, packets were dropped because
the buffer was too small. The buffer size on the constituent links controls congestion at the output
stage. To correct this problem, increase the buffer size on the constituent links.

• The number of packets transiting Q0 (600) matches the number of large and small data packets
received (100+500) on the multilink bundle. If the numbers match, all data packets correctly transited
Q0.

• The number of packets transiting Q2 on the multilink bundle (400) matches the number of voice
packets received on the multilink bundle. If the numbers match, all voice LFI packets correctly transited
Q2.


On the constituent links, verify the following: 


• The total number of packets transiting Q0 (350+350) matches the number of data packets and data
fragments (500+200). If the numbers match, all the data packets after fragmentation correctly transited
Q0 of the constituent links.

Packets transited both constituent links, indicating that load balancing was correctly performed on
non-LFI packets.

• The total number of packets transiting Q2 (300+100) on constituent links matches the number of
voice packets received (400) on the multilink bundle. If the numbers match, all voice LFI packets
correctly transited Q2.

LFI packets from source port 100 transited se-1/0/0, and LFI packets from source port 200 transited
se-1/0/1. Thus all LFI (Q2) packets were hashed based on the source port and correctly transited
both constituent links.


Corrective Action—If the packets transited only one link, take the following steps to resolve the problem: 


a. Determine whether the physical link is up (operational) or down (unavailable). An unavailable link 
indicates a problem with the PIM, interface port, or physical connection (link-layer errors). If the 
link is operational, move to the next step. 


b. Verify that the classifiers are correctly defined for non-LFI packets. Make sure that non-LFI packets 
are not configured to be queued to Q2. All packets queued to Q2 are treated as LFI packets. 


c. Verify that at least one of the following values is different in the LFI packets: source address,
destination address, IP protocol, source port, or destination port. If the same values are configured
for all LFI packets, the packets are all hashed to the same flow and transit the same link.


4. Use the results to verify load balancing. 


Determine Why Packets Are Dropped on a PVC Between a Juniper Networks Device and a 
Third-Party Device 


Problem 
Description: You are configuring a permanent virtual circuit (PVC) between T1, E1, T3, or E3 interfaces 
on a Juniper Networks device and a third-party device, and packets are being dropped and ping fails. 


Solution 

If the third-party device does not have the same FRF.12 support as the Juniper Networks device or supports 
FRF.12 in a different way, the Juniper Networks device interface on the PVC might discard a fragmented 
packet containing FRF.12 headers and count it as a "Policed Discard." 


As a workaround, configure multilink bundles on both peers, and configure fragmentation thresholds on 
the multilink bundles. 
Configuring Link Fragmentation and Interleaving


IN THIS SECTION 


Understanding Link Fragmentation and Interleaving Configuration | 402
Example: Configuring Link Fragmentation and Interleaving | 403


Priority scheduling on a multilink bundle determines the order in which an output interface transmits
traffic from an output queue. Large packets using the multilink bundle delay the small, delay-sensitive
packets that are waiting their turn for transmission. This delay can render some slow links, such as T1
and E1, useless for delay-sensitive traffic. Link fragmentation and interleaving (LFI) solves this
problem. The topics below describe LFI and its configuration in detail.


| Understanding Link Fragmentation and Interleaving Configuration 


As it does on any other interface, priority scheduling on a multilink bundle determines the order in which 
an output interface transmits traffic from an output queue. The queues are serviced in a weighted 
round-robin fashion. But when a queue containing large packets starts using the multilink bundle, small 
and delay-sensitive packets must wait their turn for transmission. Because of this delay, some slow links, 
such as T1 and E1, can become useless for delay-sensitive traffic.


Link fragmentation and interleaving (LFI) solves this problem. It reduces delay and jitter on links by 
fragmenting large packets and interleaving delay-sensitive packets with the resulting smaller packets for 
simultaneous transmission across multiple links of a multilink bundle. 


Figure 23 on page 403 illustrates how LFI works. In this figure, device R0 and device R1 have LFI enabled.
When device R0 receives large and small packets, such as data and voice packets, it divides them into two
categories. All voice packets and any other packets configured to be treated as voice packets are categorized
as LFI packets and transmitted without fragmentation or an MLPPP header. If CRTP is configured on the
bundle, LFI packets are transmitted through CRTP processing. The remaining non-LFI (data) packets can
be fragmented or unfragmented based on the configured fragmentation threshold. The packets larger than
the fragmentation threshold are fragmented. An MLPPP header (containing a multilink sequence number)
is added to all non-LFI packets, fragmented and unfragmented.


The fragmentation is performed according to the fragmentation threshold that you configure. For example, 
if you configure a fragmentation threshold of 128 bytes, all packets larger than 128 bytes are fragmented. 
When device R1 receives the packets, it sends the unfragmented voice packets immediately but buffers 
the packet fragments until it receives the last fragment for a packet. In this example, when device R1
receives fragment 5, it reassembles the fragments and transmits the whole packet. 


The unfragmented data packets are treated as a single fragment. Thus device R1 does not buffer the 
unfragmented data packets and transmits them as it receives them. 


Figure 23: LFI on a Services Router

To configure LFI, you define the MLPPP encapsulation type and enable fragmentation and interleaving of
packets by specifying the fragmentation threshold and fragmentation maps, with a no-fragmentation knob
mapped to the forwarding class of choice.


| Example: Configuring Link Fragmentation and Interleaving 


IN THIS SECTION 


Requirements | 403 
Overview | 404 
Configuration | 404 


Verification | 404 


This example shows how to configure LFI. 


Requirements 


Before you begin, you should have two Juniper Networks devices configured with at least two serial 
interfaces that communicate over serial links. This example shows two devices. 
Overview


In this example, you create an interface called lsq-0/0/0. You specify the encapsulation type as multilink-ppp
and set the fragmentation threshold value to 128. A fragmentation threshold of 128 bytes set on the
MLPPP bundle applies to all traffic on both constituent links, so that any packet larger than
128 bytes transmitted on these links is fragmented. Any nonzero value must be a multiple of 64 bytes.
The value can be between 128 and 16320. The default value is 0 bytes.


Configuration 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure LFI:


1. Create an interface.


[edit]
user@host# edit interfaces lsq-0/0/0


2. Specify the encapsulation type and fragmentation threshold value.


[edit interfaces lsq-0/0/0]
user@host# set unit 0 encapsulation multilink-ppp fragment-threshold 128


3. If you are done configuring the device, commit the configuration. 


[edit] 
user@host# commit 


Verification 


Verifying Link Fragmentation and Interleaving Configuration 


Purpose 


Verify the LFI configuration.


Action 


From operational mode, enter the show interfaces lsq-0/0/0 command.

Configuring Class-of-Service on Link Services Interfaces


IN THIS SECTION 


Understanding How to Define Classifiers and Forwarding Classes | 405 
Example: Defining Classifiers and Forwarding Classes | 406 
Understanding How to Define and Apply Scheduler Maps | 410 
Example: Configuring Scheduler Maps | 411 

Understanding Interface Shaping Rates | 416 

Example: Configuring Interface Shaping Rates | 416 


On a Juniper Networks device, when LFI is enabled, all forwarding traffic assigned to queue 2 or member
link is treated as LFI (voice) traffic. The topics below give an overview of classifiers and forwarding
classes, the definition and application of scheduler maps, and an overview and configuration details of
interface shaping rates on SRX Series devices.


Understanding How to Define Classifiers and Forwarding Classes 


By defining classifiers you associate incoming packets with a forwarding class and loss priority. Based on
the associated forwarding class, you assign packets to output queues. To configure classifiers, you specify
the bit pattern for the different types of traffic. The classifier takes this bit pattern and attempts to match
it to the type of packet arriving on the interface. If the information in the packet’s header matches the
specified pattern, the packet is sent to the appropriate queue, defined by the forwarding class associated
with the classifier.


On a Juniper Networks device, when LFI is enabled, all forwarding traffic assigned to queue 2 or member
link is treated as LFI (voice) traffic. You do not need to assign network control traffic to a queue explicitly,
because it is assigned to queue 3 by default.

NOTE:

On member links:

• DATA is assigned to queue 0.
• VOICE is assigned to queue 2.
• NC (network control) is assigned to queue 3. By default NC is assigned to queue 3.


| Example: Defining Classifiers and Forwarding Classes 


IN THIS SECTION 


Requirements | 406 
Overview | 406 
Configuration | 407 


Verification | 409 


This example shows how to define classifiers for different types of traffic, such as voice, data, and network 
control packets, and to direct the traffic to different output queues to manage your throughput. 


Requirements 


Before you begin: 
• Configure two Juniper Networks devices with at least two serial interfaces that communicate over serial
links.

• Configure CoS components. See Junos OS Class of Service Configuration Guide for Security Devices.


Overview 


In this example, you configure class of service and set the default IP precedence classifier to classify_input, 
which is assigned to all incoming traffic. You then set the precedence bit value in the type of service field 
to 000 for all incoming data traffic and 010 for all incoming voice traffic. You set all outgoing data traffic 
to queue 0 and all voice traffic to queue 2, and fragmentation-map maps queue 2 to no fragmentation. 
Configuration


CLI Quick Configuration 

To quickly configure this example, copy the following commands, paste them into a text file, remove any 
line breaks, change any details necessary to match your network configuration, and then copy and paste 
the commands into the CLI at the [edit] hierarchy level. 


set class-of-service classifiers inet-precedence classify_input forwarding-class DATA loss-priority low code-points 000
set class-of-service classifiers inet-precedence classify_input forwarding-class VOICE loss-priority low code-points 010
set class-of-service forwarding-classes queue 0 DATA
set class-of-service forwarding-classes queue 2 VOICE
set class-of-service forwarding-classes queue 3 NC
set class-of-service interfaces ge-0/0/1 unit 0 classifiers inet-precedence classify_input
set class-of-service fragmentation-maps FM forwarding-class VOICE no-fragmentation
set class-of-service interfaces lsq-0/0/0 unit 0 fragmentation-map FM


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide. 


To define classifiers and forwarding classes: 


1. Configure class of service. 


[edit] 
user@host# edit class-of-service 


2. Configure the behavior aggregate classifier for classifying packets. 


[edit class-of-service] 
user@host# edit classifiers inet-precedence classify_input 


3. Assign packets with IP precedence to the data forwarding class and specify a loss priority. 


[edit class-of-service classifiers inet-precedence classify_input] 
user@host# set forwarding-class DATA loss-priority low code-points 000 


4. Assign packets with IP precedence to the voice forwarding class and specify a loss priority. 


[edit class-of-service classifiers inet-precedence classify_input] 
user@host# set forwarding-class VOICE loss-priority low code-points 010 


5. Specify the forwarding class one-to-one with the output queues. 


[edit class-of-service] 

user@host# edit forwarding-classes 
user@host# set queue 0 DATA
user@host# set queue 2 VOICE 
user@host# set queue 3 NC 


6. Create an interface and apply the behavior aggregate classifier. 


[edit class-of-service] 
user@host# edit interfaces ge-0/0/1 
user@host# set unit 0 classifiers inet-precedence classify_input 


7. Configure fragmentation map. 


[edit] 
user@host# edit class-of-service 
user@host# set fragmentation-maps FM forwarding-class VOICE no-fragmentation 


8. Attach fragmentation map to the interface. 


[edit class-of-service] 
user@host# set interfaces lsq-0/0/0 unit 0 fragmentation-map FM


Results 

From configuration mode, confirm your configuration by entering the show class-of-service command. If 
the output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


[edit]
user@host# show class-of-service
classifiers {
    inet-precedence classify_input {
        forwarding-class DATA {
            loss-priority low code-points 000;
        }
        forwarding-class VOICE {
            loss-priority low code-points 010;
        }
    }
}
forwarding-classes {
    queue 0 DATA;
    queue 2 VOICE;
    queue 3 NC;
}
interfaces {
    lsq-0/0/0 {
        unit 0 {
            fragmentation-map FM;
        }
    }
    ge-0/0/1 {
        unit 0 {
            classifiers {
                inet-precedence classify_input;
            }
        }
    }
}
fragmentation-maps {
    FM {
        forwarding-class {
            VOICE {
                no-fragmentation;
            }
        }
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Verification 


IN THIS SECTION 


Verifying Classifiers and Forwarding Classes | 410


To confirm that the configuration is working properly, perform this task:


Verifying Classifiers and Forwarding Classes 


Purpose 


Verify the classifiers and the forwarding classes. 


Action 


From operational mode, enter the show class-of-service command. 
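
The LFI recipe in the two examples above (a valid fragment-threshold on the bundle, plus a fragmentation map that exempts the queue 2 forwarding class) can be checked offline against a saved set-format configuration. This is an added example, not code from the Juniper guide; the function names and finding codes are hypothetical, and the sample input is constructed from the commands shown in this section.

```python
import re

LFI_QUEUE = 2  # per this section, traffic assigned to queue 2 is treated as LFI (voice)

# Constructed input: the set commands from the LFI and classifier examples above.
SAMPLE = """\
set interfaces lsq-0/0/0 unit 0 encapsulation multilink-ppp fragment-threshold 128
set class-of-service forwarding-classes queue 0 DATA
set class-of-service forwarding-classes queue 2 VOICE
set class-of-service forwarding-classes queue 3 NC
set class-of-service fragmentation-maps FM forwarding-class VOICE no-fragmentation
set class-of-service interfaces lsq-0/0/0 unit 0 fragmentation-map FM
"""

RULES = [
    ("threshold", re.compile(
        r"set interfaces (\S+) unit (\d+) (?:.* )?fragment-threshold (\d+)$")),
    ("queue", re.compile(
        r"set class-of-service forwarding-classes queue (\d+) (\S+)$")),
    ("exempt", re.compile(
        r"set class-of-service fragmentation-maps (\S+) forwarding-class (\S+) "
        r"no-fragmentation$")),
    ("attach", re.compile(
        r"set class-of-service interfaces (\S+) unit (\d+) fragmentation-map (\S+)$")),
]


def threshold_problem(value):
    """Return a finding code for an invalid fragment-threshold, else None."""
    if value == 0:                      # default: fragmentation disabled
        return None
    if not 128 <= value <= 16320:       # documented range for nonzero values
        return "threshold-out-of-range"
    if value % 64:                      # nonzero values must be multiples of 64
        return "threshold-not-multiple-of-64"
    return None


def audit_lfi(config_text):
    """Return sorted (logical-interface, finding-code) pairs; empty means consistent."""
    thresholds, queues, exempt, attached = {}, {}, {}, {}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())    # normalise whitespace from copy and paste
        for kind, rx in RULES:
            m = rx.match(line)
            if not m:
                continue
            g = m.groups()
            if kind == "threshold":
                thresholds[f"{g[0]}.{g[1]}"] = int(g[2])
            elif kind == "queue":
                queues[int(g[0])] = g[1]
            elif kind == "exempt":
                exempt.setdefault(g[0], set()).add(g[1])
            else:
                attached[f"{g[0]}.{g[1]}"] = g[2]

    findings = []
    for ifl, value in sorted(thresholds.items()):
        problem = threshold_problem(value)
        if problem:
            findings.append((ifl, problem))
        if value == 0:
            continue                    # nothing is fragmented, so no map is needed
        fmap = attached.get(ifl)
        if fmap is None:
            findings.append((ifl, "no-fragmentation-map"))
            continue
        lfi_class = queues.get(LFI_QUEUE)
        if lfi_class is None:
            findings.append((ifl, "no-class-on-queue-2"))
        elif lfi_class not in exempt.get(fmap, set()):
            # Voice would be fragmented like data instead of interleaved.
            findings.append((ifl, "queue-2-class-not-exempt"))
    return findings


if __name__ == "__main__":
    for finding in audit_lfi(SAMPLE) or [("ok", "no findings")]:
        print(finding)
```
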


Understanding How to Define and Apply Scheduler Maps 


Juniper Networks devices support per-unit scheduling, which allows you to configure scheduler maps on
each MLPPP or MLFR multilink bundle. You can also configure scheduler maps on constituent links, but
you must maintain the same relative priority on the constituent links and on the multilink bundle.


If you configure CoS components with LFI on a Juniper Networks device, we recommend that you follow
certain guidelines for shaping rate, scheduling priority, and buffer size.


When you configure LFI, we recommend that you configure the shaping rate on each constituent link of
the multilink bundle. Shaping rate configuration on the constituent links is required to limit the jitter on
the LFI queue. If you anticipate no delay-sensitive or jitter-sensitive traffic on the LFI queue, or if there is
no LFI traffic at all, shaping rate configuration is optional.


Table 33 on page 410 shows an example of correct and incorrect relative priorities on a multilink bundle
and its constituent link. In this example, you have assigned a high priority to LFI packets and a low priority
to data packets on the multilink bundle. To maintain the relative priority on the constituent links, you can
assign a high priority to the LFI packets and a medium-high priority to the data packets, but you cannot
assign a medium-high priority to LFI packets and a high priority to data packets.


Table 33: Relative Priorities on Multilink Bundles and Constituent Links 


Multilink Bundle | Correct Constituent Link Priorities | Incorrect Constituent Link Priorities
LFI packets—High priority | LFI packets—High priority | LFI packets—Medium-high priority
Data packets—Low priority | Data packets—Medium-high priority | Data packets—High priority
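
The relative-priority rule in Table 33 can be checked mechanically on a set-format configuration. The following is an added example, not code from the Juniper guide: it flags only inversions (the case the table marks incorrect), treats a scheduler with no priority statement as low (an assumption of this example), and uses constructed scheduler and map names.

```python
import re
from itertools import permutations

# Scheduler priority keywords in ascending order. A scheduler without a
# "priority" statement is ranked as "low" (assumption of this example).
RANK = {name: i for i, name in enumerate(
    ["low", "medium-low", "medium-high", "high", "strict-high"])}

# Constructed configuration: se-1/0/0 mirrors the "correct" column of
# Table 33, se-1/0/1 mirrors the "incorrect" column.
SAMPLE = """\
set interfaces se-1/0/0 unit 0 family mlppp bundle lsq-0/0/0.0
set interfaces se-1/0/1 unit 0 family mlppp bundle lsq-0/0/0.0
set class-of-service interfaces lsq-0/0/0 unit 0 scheduler-map bundle_map
set class-of-service interfaces se-1/0/0 unit 0 scheduler-map link_ok
set class-of-service interfaces se-1/0/1 unit 0 scheduler-map link_bad
set class-of-service scheduler-maps bundle_map forwarding-class VOICE scheduler V_HIGH
set class-of-service scheduler-maps bundle_map forwarding-class DATA scheduler D_LOW
set class-of-service scheduler-maps link_ok forwarding-class VOICE scheduler V_HIGH
set class-of-service scheduler-maps link_ok forwarding-class DATA scheduler D_MH
set class-of-service scheduler-maps link_bad forwarding-class VOICE scheduler V_MH
set class-of-service scheduler-maps link_bad forwarding-class DATA scheduler D_HIGH
set class-of-service schedulers V_HIGH priority high
set class-of-service schedulers D_LOW priority low
set class-of-service schedulers D_MH priority medium-high
set class-of-service schedulers V_MH priority medium-high
set class-of-service schedulers D_HIGH priority high
"""

PATTERNS = {
    "member": re.compile(
        r"set interfaces (\S+) unit (\d+) family mlppp bundle (\S+)$"),
    "attach": re.compile(
        r"set class-of-service interfaces (\S+) unit (\d+) scheduler-map (\S+)$"),
    "map": re.compile(
        r"set class-of-service scheduler-maps (\S+) forwarding-class (\S+) scheduler (\S+)$"),
    "prio": re.compile(
        r"set class-of-service schedulers (\S+) priority (\S+)$"),
}


def parse(config_text):
    """Collect bundle membership, map attachments, maps and scheduler priorities."""
    member, attach, maps, prio = {}, {}, {}, {}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())
        for kind, rx in PATTERNS.items():
            m = rx.match(line)
            if not m:
                continue
            g = m.groups()
            if kind == "member":
                member[f"{g[0]}.{g[1]}"] = g[2]
            elif kind == "attach":
                attach[f"{g[0]}.{g[1]}"] = g[2]
            elif kind == "map":
                maps.setdefault(g[0], {})[g[1]] = g[2]
            else:
                prio[g[0]] = g[1]
    return member, attach, maps, prio


def class_ranks(ifl, attach, maps, prio):
    """Forwarding class -> numeric priority for the map attached to one logical interface."""
    scheduler_map = maps.get(attach.get(ifl), {})
    return {fc: RANK[prio.get(sched, "low")] for fc, sched in scheduler_map.items()}


def priority_inversions(config_text):
    """Return (link, bundle, higher_class, lower_class) where the link reverses the bundle's order."""
    member, attach, maps, prio = parse(config_text)
    findings = []
    for link, bundle in sorted(member.items()):
        on_bundle = class_ranks(bundle, attach, maps, prio)
        on_link = class_ranks(link, attach, maps, prio)
        shared = sorted(on_bundle.keys() & on_link.keys())
        for hi, lo in permutations(shared, 2):
            if on_bundle[hi] > on_bundle[lo] and on_link[hi] < on_link[lo]:
                findings.append((link, bundle, hi, lo))
    return findings


if __name__ == "__main__":
    for link, bundle, hi, lo in priority_inversions(SAMPLE):
        print(f"{link}: {hi} ranks below {lo}, but {bundle} ranks it above")
```
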


By defining schedulers you configure the properties of output queues that determine the transmission
service level for each queue. These properties include the amount of interface bandwidth assigned to the
queue, the size of the memory buffer allocated for storing packets, and the priority of the queue. After
defining schedulers you associate them with forwarding classes by means of scheduler maps. You then
associate each scheduler map with an interface, thereby configuring the hardware queues and packet
schedulers that operate according to this mapping.


NOTE: When data and LFI streams are present, the following scheduler map configuration is 
recommended for constituent links. This gives less latency for LFI traffic and avoids out-of-order 
transmission of data traffic. 


Configure the following schedulers: 

• set class-of-service schedulers S0 buffer-size temporal 20k
• set class-of-service schedulers S0 priority low
• set class-of-service schedulers S2 priority high
• set class-of-service schedulers S3 priority high

Configure the following scheduler map:

• set class-of-service scheduler-maps lsqlink_map forwarding-class best-effort scheduler S0
• set class-of-service scheduler-maps lsqlink_map forwarding-class assured-forwarding scheduler S2
• set class-of-service scheduler-maps lsqlink_map forwarding-class network-control scheduler S3

Attach scheduler map to all member links:

• set class-of-service interfaces t1-2/0/0 unit 0 scheduler-map lsqlink_map


NOTE: Even after this configuration, if out-of-range sequence number drops are observed on 
the reassembly side, increase the drop-timeout of the bundle to 200 ms. 


| Example: Configuring Scheduler Maps 


IN THIS SECTION 


Requirements | 412 
Overview | 412 


Configuration | 412


This example shows how to configure scheduler maps to determine the transmission service level for each
output queue. 


Requirements 


Before you begin, you should have two Juniper Networks devices configured with at least two serial 
interfaces that communicate over serial links. 


Overview 


In this example, you create interfaces called lsq-0/0/0, se-1/0/0, and se-1/0/1. You enable per-unit
scheduling to allow the configuration of scheduler maps on the bundle. You configure a scheduler map as
s_map on lsq-0/0/0. You then apply the scheduler map to the constituent links, se-1/0/0 and se-1/0/1,
of the multilink bundle. You associate the scheduler with each of the forwarding classes, DATA, VOICE 
and NC. You define the properties of output queues for the DATA scheduler by setting the transmit rate 
and the buffer size to 49 percent. You specify the properties of output queues for the VOICE scheduler 
by setting the transmit rate to 50 percent, the buffer size to 5 percent, and the priority to high. Finally, 
you define the properties of output queues for the NC scheduler by setting the transmit rate and the buffer 
size to 1 percent and the priority to high. 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following commands, paste them into a text file, remove any 
line breaks, change any details necessary to match your network configuration, and then copy and paste 
the commands into the CLI at the [edit] hierarchy level. 


set interfaces lsq-0/0/0 per-unit-scheduler
set interfaces se-1/0/0 per-unit-scheduler
set interfaces se-1/0/1 per-unit-scheduler
set class-of-service interfaces lsq-0/0/0 unit 0 scheduler-map s_map
set class-of-service interfaces se-1/0/0 unit 0 scheduler-map s_map
set class-of-service interfaces se-1/0/1 unit 0 scheduler-map s_map
set class-of-service scheduler-maps s_map forwarding-class DATA scheduler DATA
set class-of-service scheduler-maps s_map forwarding-class VOICE scheduler VOICE
set class-of-service scheduler-maps s_map forwarding-class NC scheduler NC
set class-of-service schedulers DATA transmit-rate percent 49
set class-of-service schedulers DATA buffer-size percent 49
set class-of-service schedulers VOICE transmit-rate percent 50
set class-of-service schedulers VOICE buffer-size percent 5
set class-of-service schedulers VOICE priority high
set class-of-service schedulers NC transmit-rate percent 1
set class-of-service schedulers NC buffer-size percent 1
set class-of-service schedulers NC priority high


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide. 


To configure scheduler maps: 


1. Create interfaces and enable per-unit scheduling. 


[edit interfaces] 

user@host# set lsq-0/0/0 per-unit-scheduler
user@host# set se-1/0/0 per-unit-scheduler 
user@host# set se-1/0/1 per-unit-scheduler 


2. Define a scheduler map and apply it to the constituent links in the multilink bundle. 


[edit class-of-service interfaces] 

user@host# set lsq-0/0/0 unit 0 scheduler-map s_map
user@host# set se-1/0/0 unit 0 scheduler-map s_map
user@host# set se-1/0/1 unit 0 scheduler-map s_map 


3. Associate a scheduler with each forwarding class. 


[edit class-of-service scheduler-maps] 

user@host# set s_map forwarding-class DATA scheduler DATA 
user@host# set s_map forwarding-class VOICE scheduler VOICE 
user@host# set s_map forwarding-class NC scheduler NC 


4. Define the properties of output queues for the DATA scheduler. 


[edit class-of-service schedulers] 
user@host# set DATA transmit-rate percent 49 


user@host# set DATA buffer-size percent 49 


5. Define the properties of output queues for the VOICE scheduler. 


[edit class-of-service schedulers] 

user@host# set VOICE transmit-rate percent 50 
user@host# set VOICE buffer-size percent 5 
user@host# set VOICE priority high 


6. Define the properties of output queues for the NC scheduler. 


[edit class-of-service schedulers] 
user@host# set NC transmit-rate percent 1 
user@host# set NC buffer-size percent 1 
user@host# set NC priority high 


Results 
From configuration mode, confirm your configuration by entering the show class-of-service command. If
the output does not display the intended configuration, repeat the configuration instructions in this example
to correct it.


[edit]
user@host# show class-of-service
interfaces {
    lsq-0/0/0 {
        unit 0 {
            scheduler-map s_map;
        }
    }
    se-1/0/0 {
        unit 0 {
            scheduler-map s_map;
        }
    }
    se-1/0/1 {
        unit 0 {
            scheduler-map s_map;
        }
    }
}
scheduler-maps {
    s_map {
        forwarding-class DATA scheduler DATA;
        forwarding-class VOICE scheduler VOICE;
        forwarding-class NC scheduler NC;
    }
}
schedulers {
    DATA {
        transmit-rate percent 49;
        buffer-size percent 49;
    }
    VOICE {
        transmit-rate percent 50;
        buffer-size percent 5;
        priority high;
    }
    NC {
        transmit-rate percent 1;
        buffer-size percent 1;
        priority high;
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Verification 


IN THIS SECTION 


Verifying the Configuration of scheduler maps. | 415


To confirm that the configuration is working properly, perform this task: 


Verifying the Configuration of scheduler maps. 


Purpose 


Verify the configuration of scheduler maps. 


Action 
From operational mode, enter the show class-of-services lsq-0/0/0 scheduler-map s_map, show
class-of-services se-1/0/0 scheduler-map s_map, and show class-of-services se-1/0/1 scheduler-map
s_map commands.


Understanding Interface Shaping Rates 


When you configure LFI, we recommend that you configure the shaping rate on each constituent link of 
the multilink bundle. Shaping rate configuration on the constituent links is required to limit the jitter on 
the LFI queue. If you anticipate no delay-sensitive or jitter-sensitive traffic on the LFI queue, or if there is
no LFI traffic at all, shaping rate configuration is optional. 


The shaping rate specifies the amount of bandwidth to be allocated for the multilink bundle. You must 
configure the shaping rate to be equal to the combined physical interface bandwidth for the constituent 
links. The combined bandwidth capacity of the two constituent links is 2 Mbps. Hence, configure a shaping 
rate of 2 Mbps on each constituent link. 


Example: Configuring Interface Shaping Rates 
This example shows how to configure interface shaping rates to control the maximum rate of traffic
transmitted on an interface. 


Requirements 


Before you begin: 


• Configure two Juniper Networks devices with at least two serial interfaces that communicate
over serial links. For more information about serial interfaces, see “Serial Interfaces Overview” on page 547.

• To apply shaping rates to interfaces, you must first enable per-unit scheduling. For more information
on per-unit scheduling, see “Example: Configuring Scheduler Maps” on page 411.


Overview 


In this example, you set the shaping rate to 2000000 for the constituent links of the multilink bundle, 
se-1/0/0 and se-1/0/1. 


Configuration 


Step-by-Step Procedure 


To configure the interface shaping rates: 


1. Configure class of service. 


[edit] 
user@host# edit class-of-service 


2. Apply the shaping rates to the constituent links of the multilink bundle. 


[edit class-of-service] 
user@host# set interfaces se-1/0/0 unit 0 shaping-rate 2000000
user@host# set interfaces se-1/0/1 unit 0 shaping-rate 2000000


Verification 


To verify the configuration is working properly, enter the show class-of-service command. 


RELATED DOCUMENTATION 


Junos OS Feature Support Reference for SRX Series and J Series Devices 
Achieving Greater Bandwidth, Load Balancing, and Redundancy with Multilink Bundles


IN THIS SECTION


Understanding MLPPP Bundles and Link Fragmentation and Interleaving (LFI) on Serial Links | 418
Example: Configuring an MLPPP Bundle | 419


The topics below give an overview of MLPPP bundles and link fragmentation and interleaving (LFI)
on serial links, and describe how to configure an MLPPP bundle on security devices.


Understanding MLPPP Bundles and Link Fragmentation and Interleaving 
(LFI) on Serial Links 


Juniper Networks devices support MLPPP and MLFR multilink encapsulations. MLPPP multilink 
encapsulation enables you to bundle multiple PPP links into a single multilink bundle and MLFR multilink 
encapsulation enables you to bundle multiple Frame Relay data-link connection identifiers (DLCIs) into a 
single multilink bundle. Multilink bundles provide additional bandwidth, load balancing, and redundancy 
by aggregating low-speed links, such as T1, E1, and serial links. 


NOTE: Currently, Junos OS supports bundling of only one xDSL link under bundle interface. 


You configure multilink bundles as logical units or channels on the link services interface lsq-0/0/0:


• With MLPPP and MLFR FRF.15, multilink bundles are configured as logical units on lsq-0/0/0—for
example, lsq-0/0/0.0 and lsq-0/0/0.1.

• With MLFR FRF.16, multilink bundles are configured as channels on lsq-0/0/0—for example, lsq-0/0/0:0
and lsq-0/0/0:1.


After creating multilink bundles, you add constituent links to the bundle. The constituent links are the 
low-speed physical links that are to be aggregated. You can create 64 multilink bundles, and on each 
multilink bundle you can add up to 8 constituent links. The following rules apply when you add constituent 
links to a multilink bundle: 
• On each multilink bundle, add only interfaces of the same type. For example, you can add either T1 or
E1, but not both.

• Only interfaces with a PPP encapsulation can be added to an MLPPP bundle, and only interfaces with
a Frame Relay encapsulation can be added to an MLFR bundle.

• If an interface is a member of an existing bundle and you add it to a new bundle, the interface is
automatically deleted from the existing bundle and added to the new bundle.


Configuring a multilink bundle on the two serial links increases the bandwidth by 70 percent from 
approximately 1 Mbps to 1.7 Mbps and prepends each packet with a multilink header as specified in the 
FRF.12 standard. To increase the bandwidth further, you can add up to eight serial links to the bundle. In 
addition to a higher bandwidth, configuring the multilink bundle provides load balancing and redundancy. 
If one of the serial links fails, traffic continues to be transmitted on the other links without any interruption. 
In contrast, independent links require routing policies for load balancing and redundancy. Independent 
links also require IP addresses for each link as opposed to one IP address for the bundle. In the routing 
table, the multilink bundle is represented as a single interface. 


Example: Configuring an MLPPP Bundle 
This example shows how to configure an MLPPP bundle to increase traffic bandwidth.


Requirements 


Before you begin, you should have two Juniper Networks devices configured with at least two serial 
interfaces that communicate over serial links. 


Overview 


In this example, you create the MLPPP bundle lsq-0/0/0.0 at the logical unit level of the link services
interface lsq-0/0/0 on Juniper Networks devices R0 and R1. You then add the two serial interfaces se-1/0/0
and se-1/0/1 as constituent links to the multilink bundle. In Figure 24 on page 420, your company's branch
office is connected to its main branch using devices R0 and R1. You transmit data and voice traffic on two
low-speed 1-Mbps serial links. To increase bandwidth, you configure MLPPP and join the two serial links
se-1/0/0 and se-1/0/1 into the multilink bundle lsq-0/0/0.0. Then you configure LFI and CoS on R0 and
R1 to enable them to transmit voice packets ahead of data packets.


Figure 24: Configuring MLPPP and LFI on Serial Links

[Figure: Branch Office device R0 and Main Branch device R1, each with interface fe-0/0/1, connected by the multilink bundle lsq-0/0/0.]
Configuration


CLI Quick Configuration 

To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


For device R0

set interfaces lsq-0/0/0 unit 0 family inet address 10.0.0.10/24
set interfaces se-1/0/0 unit 0 family mlppp bundle lsq-0/0/0.0
set interfaces se-1/0/1 unit 0 family mlppp bundle lsq-0/0/0.0
set interfaces se-1/0/0 serial-options clocking-mode dce clock-rate 2.0mhz
set interfaces se-1/0/1 serial-options clocking-mode dce clock-rate 2.0mhz


For device R1

set interfaces lsq-0/0/0 unit 0 family inet address 10.0.0.9/24
set interfaces se-1/0/0 unit 0 family mlppp bundle lsq-0/0/0.0
set interfaces se-1/0/1 unit 0 family mlppp bundle lsq-0/0/0.0


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure the MLPPP bundle:


1. Create an interface on both devices.


[edit]
user@host# edit interfaces lsq-0/0/0 unit 0


2. Configure a family inet and define the IP address on device R0.


[edit interfaces lsq-0/0/0 unit 0]
user@host# set family inet address 10.0.0.10/24


3. Configure a family inet and define the IP address on device R1.


[edit interfaces lsq-0/0/0 unit 0]
user@host# set family inet address 10.0.0.9/24


4. Specify the names of the constituent links to be added to the multilink bundle on both devices.


[edit interfaces]
user@host# edit se-1/0/0 unit 0
user@host# set family mlppp bundle lsq-0/0/0.0
[edit interfaces]
user@host# edit se-1/0/1 unit 0
user@host# set family mlppp bundle lsq-0/0/0.0


5. Set the serial options to the same values for both interfaces on R0.


NOTE: R0 is set as a DCE device. The serial options are not set for interfaces on R1. You can
set the serial options according to your network setup.


[edit interfaces]
user@host# set se-1/0/0 serial-options clocking-mode dce clock-rate 2.0mhz
user@host# set se-1/0/1 serial-options clocking-mode dce clock-rate 2.0mhz


Results 

From configuration mode, confirm your configuration by entering the show interfaces lsq-0/0/0, show
interfaces se-1/0/0, and show interfaces se-1/0/1 commands for R0 and R1. If the output does not display
the intended configuration, repeat the configuration instructions in this example to correct it.


For device R0

[edit]
user@host# show interfaces lsq-0/0/0
unit 0 {
    family inet {
        address 10.0.0.10/24;
    }
}
[edit]
user@host# show interfaces se-1/0/0
serial-options {
    clocking-mode dce;
    clock-rate 2.0mhz;
}
unit 0 {
    family mlppp {
        bundle lsq-0/0/0.0;
    }
}
[edit]
user@host# show interfaces se-1/0/1
serial-options {
    clocking-mode dce;
    clock-rate 2.0mhz;
}
unit 0 {
    family mlppp {
        bundle lsq-0/0/0.0;
    }
}


For device R1

[edit]
user@host# show interfaces lsq-0/0/0
unit 0 {
    family inet {
        address 10.0.0.9/24;
    }
}
[edit]
user@host# show interfaces se-1/0/0
unit 0 {
    family mlppp {
        bundle lsq-0/0/0.0;
    }
}
[edit]
user@host# show interfaces se-1/0/1
unit 0 {
    family mlppp {
        bundle lsq-0/0/0.0;
    }
}

If you are done configuring the device, enter commit from configuration mode. 


Verification 


Confirm that the configuration is working properly. 


Verifying the MLPPP Bundle 


Purpose 
Verify that the constituent links are added to the bundle correctly. 


Action 
From operational mode, enter the show interfaces lsq-0/0/0 statistics command.


Configuring Multilink Frame Relay 


IN THIS SECTION 


Understanding Multilink Frame Relay FRF.15
Example: Configuring Multilink Frame Relay FRF.15
Example: Configuring Multilink Frame Relay FRF.16


The topics below give an overview of Multilink Frame Relay FRF.15 and FRF.16 and their configuration
details for security devices.


Understanding Multilink Frame Relay FRF.15


The link services intelligent queuing interface lsq-0/0/0 supports Multilink Frame Relay end-to-end (MLFR
FRF.15).


With MLFR FRF.15, multilink bundles are configured as logical units on the link services intelligent queuing
interface, such as lsq-0/0/0.0. MLFR FRF.15 bundles combine multiple permanent virtual circuits (PVCs)
into one aggregated virtual circuit (AVC). This process provides fragmentation over multiple PVCs on one
end and reassembly of the AVC on the other end. You can configure LFI and CoS with MLFR in the same
way that you configure them with MLPPP.


Example: Configuring Multilink Frame Relay FRF.15


This example shows how to configure MLFR FRF.15 for additional bandwidth, load balancing, and
redundancy by aggregating low-speed links such as T1, E1, and serial links.


Requirements 


Before you begin, you should have two Juniper Networks devices configured with at least two serial 
interfaces that communicate over serial links. 


Overview 


In this example, you aggregate two T1 links to create the MLFR FRF.15 bundle on two Juniper Networks
devices, R0 and R1, and set the interface to lsq-0/0/0. You configure a logical unit on the lsq-0/0/0
interface and set the family type to inet with address 10.0.0.4/24. Then you configure an IP address for
the multilink bundle on the unit level of the interface.


You define the multilink bundle as an MLFR FRF.15 bundle by specifying the MLFR end-to-end encapsulation
type. You specify the names of the constituent links to be added to the multilink bundle as t1-2/0/0 and
t1-2/0/1 and set the encapsulation type to frame relay. You then define R0 as a DCE device and R1 as a
DTE device. You set the DLCI value to 100 (range is 16 through 1022). Finally, you set the multilink bundle
to lsq-0/0/0.0.


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


For device R0

set interfaces lsq-0/0/0 unit 0 family inet address 10.0.0.4/24
set interfaces lsq-0/0/0 unit 0 encapsulation multilink-frame-relay-end-to-end
set interfaces t1-2/0/0 encapsulation frame-relay
set interfaces t1-2/0/1 encapsulation frame-relay
set interfaces lsq-0/0/0 dce
set interfaces lsq-0/0/0 unit 0 dlci 100 family mlfr-end-to-end bundle lsq-0/0/0.0


For device R1

set interfaces lsq-0/0/0 unit 0 family inet address 10.0.0.5/24
set interfaces lsq-0/0/0 unit 0 encapsulation multilink-frame-relay-end-to-end
set interfaces t1-2/0/0 encapsulation frame-relay
set interfaces t1-2/0/1 encapsulation frame-relay
set interfaces lsq-0/0/0 unit 0 dlci 100 family mlfr-end-to-end bundle lsq-0/0/0.0


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure the MLFR FRF.15 bundle: 


1. Create an interface on both devices.


[edit]
user@host# edit interfaces lsq-0/0/0 unit 0


2. Set a logical unit on the interface and define the family type for devices R0 and R1.


[edit interfaces lsq-0/0/0 unit 0]
user@host# set family inet address 10.0.0.4/24
user@host# set family inet address 10.0.0.5/24


3. Define the multilink bundle as an MLFR FRF.15 bundle.


[edit interfaces lsq-0/0/0 unit 0]
user@host# set encapsulation multilink-frame-relay-end-to-end


4. Specify the names of the constituent links to be added to the multilink bundle.


[edit interfaces]
user@host# set t1-2/0/0 encapsulation frame-relay
user@host# set t1-2/0/1 encapsulation frame-relay


5. Define device R0 as a DCE device.


[edit interfaces]
user@host# edit lsq-0/0/0
user@host# set dce


6. Specify the DLCI as well as the multilink bundle to which the interface is to be added.


[edit interfaces lsq-0/0/0]
user@host# set unit 0 dlci 100 family mlfr-end-to-end bundle lsq-0/0/0.0


Results 


From configuration mode, confirm your configuration by entering the show interfaces lsq-0/0/0, show
interfaces t1-2/0/0, and show interfaces t1-2/0/1 commands for R0 and R1. If the output does not display
the intended configuration, repeat the configuration instructions in this example to correct it.


For device R0

[edit]
user@host# show interfaces lsq-0/0/0
dce;
unit 0 {
    encapsulation multilink-frame-relay-end-to-end;
    dlci 100;
    family inet {
        address 10.0.0.4/24;
    }
    family mlfr-end-to-end {
        bundle lsq-0/0/0.0;
    }
}
[edit]
user@host# show interfaces t1-2/0/0
encapsulation frame-relay;
[edit]
user@host# show interfaces t1-2/0/1
encapsulation frame-relay;


For device R1

[edit]
user@host# show interfaces lsq-0/0/0
unit 0 {
    encapsulation multilink-frame-relay-end-to-end;
    dlci 100;
    family inet {
        address 10.0.0.5/24;
    }
    family mlfr-end-to-end {
        bundle lsq-0/0/0.0;
    }
}
[edit]
user@host# show interfaces t1-2/0/0
encapsulation frame-relay;
[edit]
user@host# show interfaces t1-2/0/1
encapsulation frame-relay;


If you are done configuring the device, enter commit from configuration mode. 


Verification


Confirm that the configuration is working properly.


Verifying the MLFR FRF.15 Configuration


Purpose 
Verify the MLFR FRF.15 configuration. 


Action 


From operational mode, enter the show interfaces command. 




Understanding Multilink Frame Relay FRF.16


The link services intelligent queuing interface lsq-0/0/0 supports the Multilink Frame Relay (MLFR)
user-to-network interface (UNI) and network-to-network interface (NNI) (MLFR FRF.16).


MLFR FRF.16 configures multilink bundles as channels on the link services intelligent queuing interface,
such as lsq-0/0/0:0. A multilink bundle carries Frame Relay permanent virtual circuits (PVCs), identified
by their data-link connection identifiers (DLCIs). Each DLCI is configured at the logical unit level of the link
services intelligent queuing interface and is also referred to as a logical interface. Packet fragmentation and
reassembly occur on each virtual circuit. You can configure LFI and CoS with MLFR in the same way that
you configure them with MLPPP.


Example: Configuring Multilink Frame Relay FRF.16


This example shows how to configure MLFR FRF.16 for additional bandwidth, load balancing, and
redundancy.


Requirements 


Before you begin, you should have two Juniper Networks devices configured with at least two serial 
interfaces that communicate over serial links. 


Overview 


In this example, you aggregate two T1 interfaces to create an MLFR FRF.16 bundle on two Juniper Networks
devices, R0 and R1. You configure the chassis interface and specify the number of MLFR FRF.16 bundles
to be created on the interface. You then specify the channel to be configured as a multilink bundle and
create interface lsq-0/0/0:0. You set the multilink bundle as an MLFR FRF.16 bundle by specifying the
MLFR UNI NNI encapsulation type.


Then you define R0 as a DCE device and R1 as a DTE device. You configure a logical unit on the multilink
bundle lsq-0/0/0:0, and set the family type to inet. You then assign a DLCI of 400 and an IP address of
10.0.0.10/24 to the multilink bundle. You create the T1 interfaces, t1-2/0/0 and t1-2/0/1, that are to be
added as constituent links to the multilink bundle and define the Frame Relay encapsulation type. Finally,
you set the multilink bundle to lsq-0/0/0:0.


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


For device R0

set chassis fpc 0 pic 0 mlfr-uni-nni-bundles 1
set interfaces lsq-0/0/0:0 encapsulation multilink-frame-relay-uni-nni
set interfaces lsq-0/0/0:0 dce
set interfaces lsq-0/0/0 unit 0 dlci 400 family inet address 10.0.0.10/24
set interfaces t1-2/0/0 encapsulation multilink-frame-relay-uni-nni
set interfaces t1-2/0/1 encapsulation multilink-frame-relay-uni-nni
set interfaces t1-2/0/0 unit 0 family mlfr-uni-nni bundle lsq-0/0/0:0
set interfaces t1-2/0/1 unit 0 family mlfr-uni-nni bundle lsq-0/0/0:0


For device R1

set chassis fpc 0 pic 0 mlfr-uni-nni-bundles 1
set interfaces lsq-0/0/0:0 encapsulation multilink-frame-relay-uni-nni
set interfaces lsq-0/0/0 unit 0 dlci 400 family inet address 10.0.0.9/24
set interfaces t1-2/0/0 encapsulation multilink-frame-relay-uni-nni
set interfaces t1-2/0/1 encapsulation multilink-frame-relay-uni-nni
set interfaces t1-2/0/0 unit 0 family mlfr-uni-nni bundle lsq-0/0/0:0
set interfaces t1-2/0/1 unit 0 family mlfr-uni-nni bundle lsq-0/0/0:0


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure an MLFR FRF.16 bundle: 


1. Configure a chassis interface. 


[edit] 
user@host# edit chassis 


2. Specify the number of MLFR bundles. 


[edit chassis] 
user@host# set fpc 0 pic 0 mlfr-uni-nni-bundles 1


3. Create an interface.


[edit]
user@host# edit interfaces lsq-0/0/0:0


4. Specify the MLFR encapsulation type.


[edit interfaces lsq-0/0/0:0]
user@host# set encapsulation multilink-frame-relay-uni-nni


5. Set device R0 as a DCE device.


[edit interfaces lsq-0/0/0:0]
user@host# set dce


6. Specify a logical unit on the multilink bundle and set the family type.


[edit interfaces lsq-0/0/0]
user@host# set unit 0 dlci 400 family inet address 10.0.0.10/24


7. Create the T1 interfaces and set the Frame Relay encapsulation.


[edit interfaces]
user@host# set t1-2/0/0 encapsulation multilink-frame-relay-uni-nni
user@host# set t1-2/0/1 encapsulation multilink-frame-relay-uni-nni


8. Specify the multilink bundle to which the interface is to be added as a constituent link on device R0.


[edit interfaces t1-2/0/0]
user@host# set unit 0 family mlfr-uni-nni bundle lsq-0/0/0:0


9. Specify the multilink bundle to which the interface is to be added as a constituent link on device R1.


[edit interfaces t1-2/0/1]
user@host# set unit 0 family mlfr-uni-nni bundle lsq-0/0/0:0


Results 


From configuration mode, confirm your configuration by entering the show commands for devices R0 and
R1. If the output does not display the intended configuration, repeat the configuration instructions in this
example to correct it.


For device R0


[edit chassis]
user@host# show
fpc 0 {
    pic 0 {
        mlfr-uni-nni-bundles 1;
    }
}


[edit interfaces lsq-0/0/0:0]
user@host# show
dce;
encapsulation multilink-frame-relay-uni-nni;


[edit interfaces lsq-0/0/0]
user@host# show
unit 0 {
    dlci 400;
    family inet {
        address 10.0.0.10/24;
    }
}


[edit interfaces t1-2/0/0]
user@host# show
encapsulation multilink-frame-relay-uni-nni;
unit 0 {
    family mlfr-uni-nni {
        bundle lsq-0/0/0:0;
    }
}


[edit interfaces t1-2/0/1]
user@host# show
encapsulation multilink-frame-relay-uni-nni;
unit 0 {
    family mlfr-uni-nni {
        bundle lsq-0/0/0:0;
    }
}


For device R1


[edit chassis]
user@host# show
fpc 0 {
    pic 0 {
        mlfr-uni-nni-bundles 1;
    }
}


[edit interfaces lsq-0/0/0:0]
user@host# show
encapsulation multilink-frame-relay-uni-nni;


[edit interfaces t1-2/0/0]
user@host# show
encapsulation multilink-frame-relay-uni-nni;
unit 0 {
    family mlfr-uni-nni {
        bundle lsq-0/0/0:0;
    }
}


[edit interfaces t1-2/0/1]
user@host# show
encapsulation multilink-frame-relay-uni-nni;
unit 0 {
    family mlfr-uni-nni {
        bundle lsq-0/0/0:0;
    }
}

If you are done configuring the device, enter commit from configuration mode. 


Verification


Confirm that the configuration is working properly. 


Verifying the MLFR FRF.16 Configuration 


Purpose 
Verify the MLFR FRF.16 configuration. 


Action 


From operational mode, enter the show interfaces command. 
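

The three multilink examples above differ in how a constituent link names its bundle: MLPPP and MLFR FRF.15 reference a logical unit (lsq-0/0/0.0), while MLFR FRF.16 references a channel (lsq-0/0/0:0). The following Python check is an added example, not part of the Juniper documentation; it reads a block of set commands before you paste them and reports a bundle name in the wrong form, a bundle that is referenced but never configured, and a DLCI outside the 16 through 1022 range stated in the FRF.15 overview. The function name audit, the finding texts, and the assumption that the DLCI range applies to every logical unit are choices made for this example.

```python
import re

# Bundle-name separator per family, as the page describes it: MLPPP and
# MLFR FRF.15 bundles are logical units (lsq-0/0/0.0); MLFR FRF.16 bundles
# are channels (lsq-0/0/0:0).
BUNDLE_SEPARATOR = {"mlppp": ".", "mlfr-end-to-end": ".", "mlfr-uni-nni": ":"}
# "16 through 1022", from the FRF.15 overview (assumed here for every unit).
DLCI_RANGE = range(16, 1023)

MEMBER_RE = re.compile(
    r"^set interfaces (\S+) unit \d+ (?:dlci \d+ )?"
    r"family (mlppp|mlfr-end-to-end|mlfr-uni-nni) bundle (\S+)$")
DLCI_RE = re.compile(r"^set interfaces (\S+) unit (\d+) dlci (\d+)(?: |$)")
BUNDLE_RE = re.compile(r"^(lsq-\d+/\d+/\d+)([.:])(\d+)$")


def audit(set_commands):
    """Return a sorted list of findings for a block of Junos set commands."""
    # Normalise whitespace so wrapped or padded lines still match.
    lines = [" ".join(raw.split()) for raw in set_commands.splitlines()
             if raw.strip()]
    findings = set()
    for line in lines:
        dlci = DLCI_RE.match(line)
        if dlci and int(dlci.group(3)) not in DLCI_RANGE:
            findings.add(f"{dlci.group(1)}.{dlci.group(2)}: "
                         f"dlci {dlci.group(3)} outside 16-1022")
        member = MEMBER_RE.match(line)
        if not member:
            continue
        link, family, bundle = member.groups()
        parsed = BUNDLE_RE.match(bundle)
        if not parsed:
            findings.add(f"{link}: bundle name {bundle} is not "
                         "lsq-x/y/z.n or lsq-x/y/z:n")
            continue
        base, sep, index = parsed.groups()
        if sep != BUNDLE_SEPARATOR[family]:
            expected = base + BUNDLE_SEPARATOR[family] + index
            findings.add(f"{link}: family {family} expects {expected}, "
                         f"got {bundle}")
            continue
        # A logical-unit bundle is configured under "lsq-x/y/z unit n",
        # a channel bundle under "lsq-x/y/z:n".
        prefix = (f"set interfaces {base} unit {index} " if sep == "."
                  else f"set interfaces {base}:{index} ")
        if not any(other.startswith(prefix) and other != line
                   for other in lines):
            findings.add(f"{link}: bundle {bundle} is referenced "
                         "but never configured")
    return sorted(findings)


# FRF.16 quick configuration for device R0, as given on the page.
PAGE_FRF16_R0 = """
set chassis fpc 0 pic 0 mlfr-uni-nni-bundles 1
set interfaces lsq-0/0/0:0 encapsulation multilink-frame-relay-uni-nni
set interfaces lsq-0/0/0:0 dce
set interfaces lsq-0/0/0 unit 0 dlci 400 family inet address 10.0.0.10/24
set interfaces t1-2/0/0 encapsulation multilink-frame-relay-uni-nni
set interfaces t1-2/0/1 encapsulation multilink-frame-relay-uni-nni
set interfaces t1-2/0/0 unit 0 family mlfr-uni-nni bundle lsq-0/0/0:0
set interfaces t1-2/0/1 unit 0 family mlfr-uni-nni bundle lsq-0/0/0:0
"""

# Constructed input with three deliberate mistakes: DLCI below 16, an FRF.16
# link pointing at a logical unit, and a bundle that is never configured.
BROKEN = """
set interfaces lsq-0/0/0:0 encapsulation multilink-frame-relay-uni-nni
set interfaces lsq-0/0/0 unit 0 dlci 8 family inet address 10.0.0.10/24
set interfaces t1-2/0/0 unit 0 family mlfr-uni-nni bundle lsq-0/0/0.0
set interfaces t1-2/0/1 unit 0 family mlfr-uni-nni bundle lsq-0/0/1:0
"""

if __name__ == "__main__":
    for name, text in (("page FRF.16 R0", PAGE_FRF16_R0),
                       ("constructed", BROKEN)):
        print(name, audit(text) or "no findings")
```

Run it against the candidate commands for both R0 and R1; an empty list means the bundle references are consistent, not that the links will come up.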


Configuring Compressed Real-Time Transport Protocol 


IN THIS SECTION 


Understanding Compressed Real-Time Transport Protocol
Example: Configuring the Compressed Real-Time Transport Protocol


Compressed Real-Time Transport Protocol (CRTP) is typically used for compressing voice and video packets.
The topics below discuss the overview of CRTP and its configuration details.


Understanding Compressed Real-Time Transport Protocol


Compressed Real-Time Transport Protocol (CRTP) is typically used for compressing voice and video packets.
You can configure CRTP with LFI on a link services interface.


CRTP can be configured as a compression device on a T1 or E1 interface with PPP encapsulation, using
the link services interface.


NOTE:
• F-max period—Maximum number of compressed packets allowed between transmission of
full headers. It has a range from 1 to 65,535.


• Maximum and Minimum—UDP port values from 1 to 65,536 reserve these ports for RTP
compression. CRTP is applied to network traffic on ports within this range. This feature is
applicable only to voice services interfaces.


Example: Configuring the Compressed Real-Time Transport Protocol


IN THIS SECTION


Requirements
Overview
Configuration
Verification


This example shows how to configure CRTP to improve packet transmission, especially for time-sensitive
voice packets.


Requirements 


Before you begin, you should have two Juniper Networks devices configured with at least two serial 
interfaces that communicate over serial links. 


Overview 


In this example, you create a T1 interface called t1-1/0/0 and set the type of encapsulation to PPP. You
set the link services intelligent queuing interface to lsq-0/0/0.0. You then create an interface called
lsq-0/0/0 and set the logical unit 0. Finally, you set the F-max period to 2500, the minimum UDP port
value to 2000, and the maximum UDP port value to 64009.


Configuration 


CLI Quick Configuration 

To quickly configure this example, copy the following command, paste it into a text file, remove any line
breaks, change any details necessary to match your network configuration, copy and paste the command
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.


set interfaces t1-1/0/0 encapsulation ppp
set interfaces t1-1/0/0 unit 0 compression-device lsq-0/0/0.0
set interfaces lsq-0/0/0 unit 0 compression rtp f-max-period 2500 port minimum 2000 maximum 64009


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure CRTP on a device: 


1. Create the T1 interface. 


[edit] 
user@host# edit interfaces t1-1/0/0 


2. Set the type of encapsulation. 


[edit interfaces t1-1/0/0] 
user@host# set encapsulation ppp 


3. Add the link services intelligent queuing interface to the physical interface.


[edit interfaces t1-1/0/0]
user@host# edit unit 0
user@host# set compression-device lsq-0/0/0.0


4. Create an interface and set the logical unit.


[edit interfaces]
user@host# edit lsq-0/0/0 unit 0


5. Configure the link services intelligent queuing interface.


[edit interfaces lsq-0/0/0 unit 0]
user@host# set compression rtp f-max-period 2500 port minimum 2000 maximum 64009


Results 
From configuration mode, confirm your configuration by entering the show interfaces command. If the
output does not display the intended configuration, repeat the configuration instructions in this example
to correct it.


[edit]
user@host# show interfaces
lsq-0/0/0 {
    unit 0 {
        compression {
            rtp {
                f-max-period 2500;
                port minimum 2000 maximum 64009;
            }
        }
    }
}
t1-1/0/0 {
    encapsulation ppp;
    unit 0 {
        compression-device lsq-0/0/0.0;
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Verification 


Confirm that the configuration is working properly. 


Verifying the CRTP Configuration 


Purpose 
Verify the CRTP configuration. 


Action 


From operational mode, enter the show interfaces command. 


RELATED DOCUMENTATION 


Link Services Interfaces Overview


CHAPTER


Configuring Management, Discard, and Loopback Interfaces


Configuring Management and Discard Interfaces
Configuring Loopback Interfaces


Configuring Management and Discard Interfaces


IN THIS SECTION 


Configuring Management Interfaces
Configuring Discard Interface


The topics below discuss the overview and configuration details of management and discard interfaces on the
security devices.


Configuring Management Interfaces 


Management interfaces are the primary interfaces for accessing the device remotely. Typically, a 
management interface is not connected to the in-band network, but is connected instead to the device's 
internal network. Through a management interface you can access the device over the network using 
utilities such as ssh and telnet and configure it from anywhere, regardless of its physical location. SNMP 
can use the management interface to gather statistics from the device. 


Management interfaces vary based on device type: 


• The SRX5600 and SRX5800 devices include a 10/100-Mbps Ethernet port on the Routing Engine (RE).
This port, which is labeled ETHERNET, is a dedicated out-of-band management interface for the device.
Junos OS automatically creates the device’s management interface fxp0. To use fxp0 as a management
port, you must configure its logical port fxp0.0 with a valid IP address. While you can use fxp0 to connect
to a management network, you cannot place it into the management zone.


NOTE: On the SRX5600 and SRX5800 devices, you must first connect to the device through 
the serial console port before assigning a unique IP address to the management interface. 


As a security feature, users cannot log in as root through a management interface. To access the device 
as root, you must use the console port. 


In an SRX Series device, the fxp0 management interface is a dedicated port located on the Routing Engine.
In an SRX Series chassis cluster configuration, the control link interface must be port 0 on an SPC. For
each node in the chassis cluster, you must configure the SPC that is used for the control link interface.


Configuring Discard Interface


The discard (dsc) interface is not a physical interface, but a virtual interface that discards packets. You can 
configure one discard interface. This interface allows you to identify the ingress (inbound) point of a 
denial-of-service (DoS) attack. When your network is under attack, the target host IP address is identified, 
and the local policy forwards attacking packets to the discard interface. Traffic routed out the discard 
interface is silently discarded. 


RELATED DOCUMENTATION 


Understanding Interfaces


Configuring Loopback Interfaces 


IN THIS SECTION 


Understanding the Loopback Interface
Configuring a Loopback Interface


The topics below discuss the overview and configuration details of loopback interfaces on security devices. 


Understanding the Loopback Interface


The Internet Protocol (IP) specifies a loopback network with the (IPv4) address 127.0.0.0/8. Most IP
implementations support a loopback interface (lo0) to represent the loopback facility. Any traffic that a
computer program sends on the loopback network is addressed to the same computer. The most commonly
used IP address on the loopback network is 127.0.0.1 for IPv4 and ::1 for IPv6. The standard domain name
for the address is localhost.


A network device also includes an internal loopback address (lo0.16384). The internal loopback address
is a particular instance of the loopback address with the logical unit number 16384.


The loopback interface is used to identify the device. While any interface address can be used to determine
if the device is online, the loopback address is the preferred method. Whereas interfaces might be removed
or addresses changed based on network topology changes, the loopback address never changes.


When you ping an individual interface address, the results do not always indicate the health of the device. 
For example, a subnet mismatch in the configuration of two endpoints on a point-to-point link makes the 
link appear to be inoperable. Pinging the interface to determine whether the device is online provides a 
misleading result. An interface might be unavailable because of a problem unrelated to the device's 
configuration or operation. You can use the loopback interface to address these issues. 


Benefits of Loopback Interface 


• As the loopback address never changes, it is the best way to identify a device in the network.


• The loopback interface is always up and it is reachable as long as the route to that IP address is available
in the IP routing table. Hence you can use the loopback interface for diagnostics and troubleshooting
purposes.


• Protocols such as OSPF use the loopback address to determine protocol-specific properties for the
device or network. Further, some commands such as ping mpls require a loopback address to function
correctly.


• You can apply stateless firewall filters to the loopback address to filter packets originating from, or
destined for, the Routing Engine.


• Junos OS creates the loopback interface for the internal routing instance, which prevents any filter on
lo0.0 from disrupting internal traffic.


SEE ALSO 


Understanding Interfaces


Configuring a Loopback Interface 


The loopback interface supports many different network and operational functions and is an always-up 
interface. This means that the loopback interface ensures that the device is reachable, even if some of the 
physical interfaces are down or removed, or an IP address has changed. In most cases, you always define 
a loopback interface. 


Junos OS follows the IP convention of identifying the loopback interface as lo0.


Junos OS requires that the loopback interface always be configured with a /32 network mask because the 
Routing Engine is essentially a host. 


If you are using routing instances, you can configure the loopback interface for the default routing instance 
or for a specific routing instance. The following procedure adds the loopback interface to the default 
routing instance. 


Optionally, instead of configuring the loopback interface at the [edit interfaces] hierarchy level, you can 
use a configuration group, as shown in this procedure. This is a recommended best practice for configuring 
the loopback interface. This procedure uses a group called global as an example. 


To configure a loopback interface: 


1. Using the host IP address, assign it to the loopback interface. 


Each host in your network deployment should have a unique loopback interface address. The address 
used here is only an example. 


[edit groups global interfaces lo0 unit 0 family inet]
user@host# set address 192.0.2.27/32


2. (Optional) Set the preferred IP address.


You can configure as many addresses as you need on the lo0 interface, so it is good practice to designate
one preferred IP address.


[edit groups global interfaces lo0 unit 0 family inet]
user@host# set address 192.0.2.48/32 preferred


3. (Optional) Configure additional addresses.


Only unit 0 is permitted as the master loopback interface. If you want to add more IP addresses to unit
0, you configure them in the normal way under unit 0, without the preferred option.


[edit groups global interfaces lo0 unit 0 family inet]
user@host# set address 198.51.100.48/32
user@host# set address 192.168.11.27


NOTE: You do not have to include the /32 as long as the IPv4 address is a valid host address.
(This usually means that the last octet cannot be zero.)


4. Configure the localhost address.


On the lo0.0 interface, it is useful to have the IP address 127.0.0.1 configured, as certain processes
such as NTP and MPLS ping use this default host address. The 127.0.0.1/32 address is a Martian IP
address (an address invalid for routing), so it is never advertised by the Juniper Networks device.


[edit groups global interfaces lo0 unit 0 family inet]
user@host# set address 127.0.0.1/32


5. (Optional) Configure an ISO address.


Depending on your network configuration, you might also need an ISO address for the IS-IS routing
protocol.


[edit groups global interfaces lo0 unit 0 family iso]
user@host# set address 49.0026.0000.0000.0110.00


6. If you used a configuration group, apply the configuration group, substituting global with the appropriate 
group name. 


[edit] 
user@host# set apply-groups global 


7. Commit the configuration. 


user@host# commit 


LTE Mini Physical Interface Modules (LTE Mini-PIM)


SUMMARY


Learn about the LTE Mini-PIM, the features supported on it and how to configure it on security devices.


IN THIS SECTION


LTE Mini-PIM Overview
Configure LTE Mini-PIM
Example: Configure LTE Mini-PIM as a Backup Interface

LTE Mini-PIM Overview


The LTE Mini-Physical Interface Module (Mini-PIM) provides wireless WAN support on security devices.
Table 34 on page 444 specifies the key details of the LTE Mini-PIM interface.


Table 34: LTE Mini-PIM Device Details


Interface Details    Descriptions

Interface name
    LTE Mini-PIM

Supported on
    For information about platform support, see hardware compatibility tool (HCT).

Models
    • SRX-MP-LTE-AE
    • SRX-MP-LTE-AA
    See LTE Mini-PIM Models.

Physical interface for the 4G LTE Mini-PIM
    • The interface name is cl-slot number/0/0 where slot number identifies the slot
      on the device in which you insert the LTE Mini-PIM. For example, cl-1/0/0.
    Configurable properties on the physical interface are:
    • A dialer pool to which the physical interface belongs and the priority of the
      interface in the pool.
    • Profiles for the SIM cards.
    • Radio access technology (automatic, 3G, LTE).

Key deployment
    • Provides wireless WAN support.
    • Operates on 3G and 4G networks.


For hardware specifications for the LTE Mini-PIM, see LTE Mini-Physical Interface Module. 


Features Supported on the LTE Mini-PIM 


Table 35 on page 445 describes the key features supported on LTE Mini-PIM. 


Table 35: Key Features Supported on LTE Mini-PIM 


Feature    Description

Automatic switchover between service providers through dual SIMs
    Supports dual Subscriber Identity Module (SIM) cards that allow connectivity
    to two different ISP networks. Automatic switchover provides a failover
    mechanism when the current active network fails.

Multiple service provider and Access Point Name (APN) profiles
    Supports up to 16 profiles for each SIM. Because the LTE Mini-PIM supports
    two SIM cards, you can configure a total of 32 profiles; only a single
    profile is active at a time.

LTE carrier aggregation
    Supports increased capacity and network efficiency. Carrier aggregation
    expands the LTE bandwidth by combining secondary bands.

SIM security functions
    Supports security functions such as SIM lock and unlock, and PIN change.

Primary, logical and backup interface with always-on, dial-on-demand, and backup modes
    On receiving traffic, the logical dl0 interface enables and places calls through
    the physical interface in the dialer pool. The dialer interface performs backup
    and dialer filter functions. You can configure the dialer interface to operate
    as:

    • Primary Interface: The dialer interface connects to the network and is
      always on. For more information, see Configuring the LTE Mini-PIM as the
      Primary Interface.

    • Backup interface for the primary WAN connection: The dialer interface
      activates only when the primary connection fails. For more information,
      see Configuring the LTE Mini-PIM as a Backup Interface.

    • Dial-on-demand: For more information, see Configuring the LTE Interface
      as a Dial-on-Demand Interface.

    Configuration modes: always-on, dial-on-demand or backup modes. You can
    configure the Mini-PIM in any one of the modes.

    • Always-on: The Mini-PIM connects to the 3G/4G network after booting.
      The connection is always maintained.

    • When you configure as primary interface, the LTE Mini-PIM supports both
      the always-on and dial-on-demand modes.

Over-the-air upgrade for modem firmware
    Supports Over-the-air (OTA) firmware upgrade that enables automatic and
    timely upgrade of modem firmware when new firmware versions are available.

    You can enable or disable the OTA upgrade on the LTE Mini-PIM. OTA
    upgrade is disabled by default.


| Configure LTE Mini-PIM 


IN THIS SECTION 


Configure LTE Mini-PIM as a Primary Interface
Configure LTE Mini-PIM in a High Availability Cluster Mode
Configure LTE Mini-PIM as a Backup Interface
Configure LTE Mini-PIM as a Dial-on-demand Interface


You can configure the LTE Mini-PIM as a primary interface, as a backup interface, or as a dial-on-demand interface.


Configure LTE Mini-PIM as a Primary Interface 


The LTE Mini-PIM is installed on an SRX320 line device and functions as the primary interface, as shown in Figure 25. This procedure assumes that the LTE Mini-PIM is installed in slot 1 on the SRX320 line device.


Figure 25: LTE Mini-PIM as a Primary Interface

Before you begin, ensure that dl0.0 is not configured as a backup interface. If dl0.0 is configured as a backup for any interface on the SRX Series device, that configuration overrides the configuration outlined in this procedure, and the LTE Mini-PIM functions as a backup interface.


Use the show interfaces | display set | match backup-option | match dl0.0 command to check whether any interface uses dl0.0 as a backup interface. If dl0.0 is configured as a backup interface, delete the configuration by issuing the following command:

delete interfaces interface-name unit 0 backup-options interface dl0.0


To configure the LTE Mini-PIM as a primary interface:


1. Configure the dialer interface.

user@host# set interfaces dl0 unit 0 family inet negotiate-address
user@host# set interfaces dl0 unit 0 family inet6 negotiate-address
user@host# set interfaces dl0 unit 0 dialer-options pool dialer-pool-number
user@host# set interfaces dl0 unit 0 dialer-options dial-string dial-number
user@host# set interfaces dl0 unit 0 dialer-options always-on

2. Configure the dialer pool for the LTE Mini-PIM physical interface.

user@host# set interfaces cl-1/0/0 dialer-options pool number

3. Configure the profile for the Subscriber Identity Module (SIM) cards.

user@host# run request modem wireless create-profile profile-id profile-id cl-1/0/0 slot sim-slot-number access-point-name apn-name authentication-method none

sim-slot-number is the slot on the Mini-PIM in which the SIM card is inserted.

4. Verify that the profile is configured successfully.

user@host# run show modem wireless profiles cl-1/0/0 slot 1

5. Activate the SIM card.

user@host# set interfaces cl-1/0/0 act-sim sim-slot-number

6. Select the profile and configure the radio access type for the SIM card.

user@host# set interfaces cl-1/0/0 cellular-options sim sim-slot-number select-profile profile-id profile-id
user@host# set interfaces cl-1/0/0 cellular-options sim sim-slot-number radio-access automatic

If a SIM card is installed in the second slot, then select the profile and configure the radio access type for the secondary SIM card.

7. Verify the status of the wireless network and dialer interface.

user@host# run show modem wireless network
user@host# run show interfaces dl0.0


If the LTE Mini-PIM gets an IP address with a mask of /32 from the service provider, you can configure 
the default gateway information using the set interfaces cl-interface cellular-options sim sim-slot 
gateway ip-address/mask command to make the Mini-PIM accept the assigned IP address. 


Configure LTE Mini-PIM in a High Availability Cluster Mode 


An SRX chassis cluster supports two cl interfaces, cl-1/1/0 (primary node) and cl-8/1/0 (secondary node). To configure the LTE Mini-PIM in HA cluster mode:


1. Configure the dialer interface (dl0).

{primary:node0}[edit]
user@host# set interfaces dl0 unit 0 family inet negotiate-address
user@host# set interfaces dl0 unit 0 family inet6 negotiate-address
user@host# set interfaces dl0 unit 0 dialer-options pool dialer-pool-number
user@host# set interfaces dl0 unit 0 dialer-options dial-string dial-number
user@host# set interfaces dl0 unit 0 dialer-options always-on

2. Configure the LTE interface (cl-1/1/0) on the primary node.

a. Configure the dialer pool for the LTE physical interface.

{primary:node0}[edit]
user@host# set interfaces cl-1/1/0 dialer-options pool dialer-pool-number

b. Specify the priority for the interface. The interface with the higher priority becomes the active interface.

{primary:node0}[edit]
user@host# set interfaces cl-1/1/0 dialer-options pool dialer-pool-number priority priority

c. Configure the profile for the SIM cards.

{primary:node0}[edit]
user@host# run request modem wireless create-profile profile-id profile-id cl-1/1/0 slot sim-slot-number access-point-name apn-name

d. Verify that the profile is configured successfully.

user@host# run show modem wireless profiles cl-1/1/0 slot 1

e. Activate the SIM card.

{primary:node0}[edit]
user@host# set interfaces cl-1/1/0 act-sim sim-slot-number

f. Select the profile and configure the radio access type for the SIM card.

{primary:node0}[edit]
user@host# set interfaces cl-1/1/0 cellular-options sim sim-slot-number select-profile profile-id profile-id
user@host# set interfaces cl-1/1/0 cellular-options sim sim-slot-number radio-access automatic

3. Repeat Step 2 to configure the LTE interface (cl-8/1/0) for the secondary node.

If you assign the same priority to both interfaces, then the interface that is listed first in the configuration becomes the active interface.

Verify the active interface:

root@host> show dialer pools
Pool: 1
  Dialer interfaces:       Name        State
                           dl0.0       Active
  Subordinate interfaces:  Name        Flags      Priority
                           cl-1/1/0    Active     100
                           cl-8/1/0    Inactive   1

4. Verify the status of the wireless network and dialer interface.

user@host# run show modem wireless network
user@host# run show interfaces dl0.0

By default, the time interval taken to switch to the secondary cl interface when the active cl interface times out is 120 seconds. You can change the time interval by configuring the redial-delay option.

{primary:node0}[edit]
user@host# set interfaces dl0 unit 0 dialer-options redial-delay time-in-seconds

5. Verify that the profile is configured successfully.

user@host# run show modem wireless profiles cl-1/0/0 slot 1

6. Verify the status of the wireless network and dialer interface.

user@host# run show modem wireless network
user@host# run show interfaces dl0.0


Configure LTE Mini-PIM as a Backup Interface 


You can configure the LTE Mini-PIM as a backup interface. If the primary interface fails, the LTE Mini-PIM connects to the network and remains online only until the primary interface becomes functional. The dialer interface is enabled only when the primary interface fails. In Figure 26, the LTE Mini-PIM is installed on an SRX320 and functions as a backup interface. The ge-0/0/1 port is connected to the Internet and functions as the primary interface. In this scenario, the Mini-PIM is installed in slot 1.

Figure 26: LTE Mini-PIM as a Backup Interface

To configure the LTE Mini-PIM as a backup interface:


1. Configure the dialer interface.

user@host# set interfaces dl0 unit 0 family inet negotiate-address
user@host# set interfaces dl0 unit 0 family inet6 negotiate-address
user@host# set interfaces dl0 unit 0 dialer-options pool dialer-pool-number
user@host# set interfaces dl0 unit 0 dialer-options dial-string dial-number

2. Configure the dialer pool for the LTE Mini-PIM physical interface.

user@host# set interfaces cl-1/0/0 dialer-options pool dialer-pool-number

3. Configure the profile for the SIM cards.

sim-slot-number is the slot on the Mini-PIM in which the SIM card is inserted.

user@host# run request modem wireless create-profile profile-id profile-id cl-1/0/0 slot sim-slot-number access-point-name l3vpn.corp authentication-method none

4. Verify that the profile is configured successfully.

user@host# run show modem wireless profiles cl-1/0/0 slot 1

5. Activate the SIM card.

user@host# set interfaces cl-1/0/0 act-sim sim-slot-number

6. Select the profile and configure the radio access type for the SIM card.

user@host# set interfaces cl-1/0/0 cellular-options sim sim-slot-number select-profile profile-id profile-id
user@host# set interfaces cl-1/0/0 cellular-options sim sim-slot-number radio-access automatic

7. Configure the Ethernet interface as the primary interface, which connects to the wireless network. Configure the dl0 interface as the backup interface.

user@host# set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/24
user@host# set interfaces ge-0/0/1 unit 0 backup-options interface dl0.0

8. Verify the status of the wireless network and dialer interface.

user@host# run show modem wireless network
user@host# run show interfaces dl0.0


You can use the activation-delay and deactivation-delay command-line options to avoid interface flaps. These options force a delay between the time the primary interface changes state and the time the dialer interface is enabled or disabled. The activation delay controls the time between the primary interface going down and activation of the dialer interface. Similarly, the deactivation delay controls the time between the recovery of the primary interface and deactivation of the backup interface.


Configure LTE Mini-PIM as a Dial-on-demand Interface 


When you configure the LTE interface as a primary interface, it functions either in always-on or in 
dial-on-demand mode. In always-on mode, the interface remains connected to the network whereas in 
dial-on-demand mode, the connection is established only when needed. 


In dial-on-demand mode, the dialer interface is enabled only when network traffic configured as “interesting traffic” arrives on the network. Interesting traffic triggers or activates the wireless WAN connection. You define an interesting packet by using the dialer filter. To configure dial-on-demand by using a dialer filter, you first configure the dialer filter and then apply the filter to the dialer interface. Once the traffic is sent over the network, an inactivity timer is triggered and the connection is closed after the timer expires. The dial-on-demand mode is supported only if the LTE Mini-PIM is configured as a primary interface.


The LTE Mini-PIM installed on an SRX320 functions as the primary interface, as shown in Figure 27. This procedure assumes that the LTE Mini-PIM is installed in slot 1 on the device.

Figure 27: LTE Mini-PIM as a Dial-on-Demand Interface

To configure the LTE Mini-PIM as a dial-on-demand interface:


1. Configure the dialer interface.

user@host# set interfaces dl0 unit 0 family inet negotiate-address
user@host# set interfaces dl0 unit 0 family inet6 negotiate-address
user@host# set interfaces dl0 unit 0 family inet filter dialer dialer-filter-name
user@host# set interfaces dl0 unit 0 dialer-options pool dialer-pool-number
user@host# set interfaces dl0 unit 0 dialer-options dial-string dial-number

Optionally, you can configure the idle-timeout value to determine the duration of the enabled connection in the absence of interesting traffic.

user@host# set interfaces dl0 unit 0 dialer-options idle-timeout idle-timeout-value

2. Configure the dialer pool for the LTE Mini-PIM physical interface.

user@host# set interfaces cl-1/0/0 dialer-options pool number

3. Create the dialer filter rule.

user@host# set firewall family inet dialer-filter dialer-filter-name term term1 from destination-address ip-address then note

4. Set the default route.

user@host# set routing-options static route ip-address next-hop dl0.0

5. Configure the profile for the SIM cards.

user@host# run request modem wireless create-profile profile-id profile-id cl-1/0/0 slot sim-slot-number access-point-name apn-name authentication-method none

6. Verify that the profile is configured successfully.

user@host# run show modem wireless profiles cl-1/0/0 slot 1

7. Activate the SIM card.

user@host# set interfaces cl-1/0/0 act-sim sim-slot-number

8. Select the profile and configure the radio access type for the SIM card.

user@host# set interfaces cl-1/0/0 cellular-options sim sim-slot-number select-profile profile-id profile-id
user@host# set interfaces cl-1/0/0 cellular-options sim sim-slot-number radio-access automatic

9. Verify the configuration by sending traffic to the destination address. The traffic is routed to the dl0 interface and, if it matches the dialer filter rule, dl0 is triggered to dial.

10. Verify the status of the wireless network and dialer interface.

user@host# run show modem wireless network
user@host# run show interfaces dl0.0
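
The rules stated in the procedures above (a backup-options reference to dl0.0 overrides a primary configuration, a dialer filter selects dial-on-demand, and the cl interface with the higher pool priority, or on a tie the one listed first, becomes active) can be checked offline against a saved display set dump. The following Python code is an added example, not Juniper code: the function name audit_lte_dialer, the finding texts and the three sample configurations are constructed for illustration, and it assumes that the order of the display set lines matches the order in the configuration.

```python
# Constructed sample configurations in "display set" form (illustrative values).
PRIMARY_WITH_STALE_BACKUP = """\
set interfaces dl0 unit 0 family inet negotiate-address
set interfaces dl0 unit 0 dialer-options pool 1
set interfaces dl0 unit 0 dialer-options always-on
set interfaces cl-1/0/0 dialer-options pool 1
set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/24
set interfaces ge-0/0/1 unit 0 backup-options interface dl0.0
"""

HA_CLUSTER = """\
set interfaces dl0 unit 0 dialer-options pool 1
set interfaces dl0 unit 0 dialer-options always-on
set interfaces cl-1/1/0 dialer-options pool 1
set interfaces cl-1/1/0 dialer-options pool 1 priority 100
set interfaces cl-8/1/0 dialer-options pool 1 priority 100
"""

DIAL_ON_DEMAND = """\
set interfaces dl0 unit 0 family inet filter dialer corp-traffic
set interfaces dl0 unit 0 dialer-options pool 1
set interfaces dl0 unit 0 dialer-options idle-timeout 30
set interfaces cl-1/0/0 dialer-options pool 2
"""


def audit_lte_dialer(config_text, dialer="dl0", unit="0"):
    """Classify how the dialer interface is used and list configuration findings."""
    logical = f"{dialer}.{unit}"
    dl_prefix = ["set", "interfaces", dialer, "unit", unit]
    always_on, dl_pool, filter_name = False, None, None
    backup_for = []          # logical interfaces that name dl0.0 as their backup
    members = {}             # cl- interface -> {"pool": str, "priority": int or None}
    defined_filters = set()  # dialer filters defined under "firewall family inet"

    for line in config_text.splitlines():
        w = line.split()
        if w[:2] == ["set", "firewall"]:
            if w[2:5] == ["family", "inet", "dialer-filter"] and len(w) > 5:
                defined_filters.add(w[5])
            continue
        if w[:2] != ["set", "interfaces"] or len(w) < 4:
            continue
        if w[:5] == dl_prefix:
            rest = w[5:]
            if rest == ["dialer-options", "always-on"]:
                always_on = True
            elif rest[:2] == ["dialer-options", "pool"] and len(rest) > 2:
                dl_pool = rest[2]
            elif rest[:4] == ["family", "inet", "filter", "dialer"] and len(rest) > 4:
                filter_name = rest[4]
        elif w[2].startswith("cl-") and w[3:5] == ["dialer-options", "pool"] and len(w) > 5:
            # The pool and the priority may arrive on separate lines; merge them.
            entry = members.setdefault(w[2], {"pool": w[5], "priority": None})
            entry["pool"] = w[5]
            if w[6:7] == ["priority"] and len(w) > 7:
                entry["priority"] = int(w[7])
        elif w[3:4] == ["unit"] and w[5:8] == ["backup-options", "interface", logical]:
            backup_for.append(f"{w[2]}.{w[4]}")

    # A backup-options reference wins over any primary-interface settings.
    if backup_for:
        mode = "backup"
    elif filter_name:
        mode = "dial-on-demand"
    elif always_on:
        mode = "primary-always-on"
    else:
        mode = "incomplete"

    findings = []
    if backup_for and (always_on or filter_name):
        findings.append(f"{logical} is the backup for {', '.join(backup_for)}; "
                        "this overrides the primary-interface settings")
    if filter_name and filter_name not in defined_filters:
        findings.append(f"dialer filter {filter_name} is applied but not defined")

    pool_members = [n for n, m in members.items() if m["pool"] == dl_pool]
    active = None
    if not pool_members:
        findings.append(f"no cl- interface belongs to dialer pool {dl_pool}")
    elif len(pool_members) == 1:
        active = pool_members[0]
    else:
        prios = [members[n]["priority"] for n in pool_members]
        if None in prios:
            findings.append("pool has several cl- interfaces without explicit priorities")
        else:
            tied = [n for n in pool_members if members[n]["priority"] == max(prios)]
            active = tied[0]  # on a tie, the interface listed first becomes active
            if len(tied) > 1:
                findings.append(f"{', '.join(tied)} share priority {max(prios)}; "
                                f"{active} is active only because it is listed first")
    return {"mode": mode, "active_member": active, "findings": findings}
```

Run it against the output of show configuration | display set saved to a file; an empty findings list with the expected mode means the dialer settings are consistent with the procedure you followed.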


| Example: Configure LTE Mini-PIM as a Backup Interface 


IN THIS SECTION


Configuration
Verification


This example shows how to configure the LTE Mini-PIM as a backup interface. If the primary interface fails, the Mini-PIM connects to the network and remains online only until the primary interface becomes functional. The dialer interface is enabled only when the primary interface fails. In this scenario, the Mini-PIM is installed in slot 1.


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.


set interfaces dl0 unit 0 family inet negotiate-address
set interfaces dl0 unit 0 family inet6 negotiate-address
set interfaces dl0 unit 0 dialer-options pool dialer-pool-number
set interfaces dl0 unit 0 dialer-options dial-string dial-number
set interfaces cl-1/0/0 dialer-options pool dialer-pool-number
run request modem wireless create-profile profile-id profile-id cl-1/0/0 slot sim-slot-number access-point-name l3vpn.corp authentication-method none
run show modem wireless profiles cl-1/0/0 slot 1
set interfaces cl-1/0/0 act-sim sim-slot-number
set interfaces cl-1/0/0 cellular-options sim sim-slot-number select-profile profile-id profile-id
set interfaces cl-1/0/0 cellular-options sim sim-slot-number radio-access automatic
set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/24
set interfaces ge-0/0/1 unit 0 backup-options interface dl0.0


Configure the LTE Mini-PIM as a Backup Interface 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide. 


To configure LTE Mini-PIM as a backup interface: 


1. Create the dialer interface.

[edit]
user@host# set interfaces dl0 unit 0 family inet negotiate-address
user@host# set interfaces dl0 unit 0 family inet6 negotiate-address
user@host# set interfaces dl0 unit 0 dialer-options pool dialer-pool-number
user@host# set interfaces dl0 unit 0 dialer-options dial-string dial-number

2. Define the dialer pool for the LTE Mini-PIM physical interface.

user@host# set interfaces cl-1/0/0 dialer-options pool dialer-pool-number

3. Create and configure the profile on the SIM cards.

sim-slot-number is the slot on the Mini-PIM in which the SIM card is inserted.

user@host# run request modem wireless create-profile profile-id profile-id cl-1/0/0 slot sim-slot-number access-point-name l3vpn.corp authentication-method none

4. Activate the SIM card.

user@host# set interfaces cl-1/0/0 act-sim sim-slot-number

5. Select the profile and configure the radio access type for the SIM card.

user@host# set interfaces cl-1/0/0 cellular-options sim sim-slot-number select-profile profile-id profile-id
user@host# set interfaces cl-1/0/0 cellular-options sim sim-slot-number radio-access automatic

6. Specify the Ethernet interface as the primary interface, which connects to the wireless network. Specify the dl0 interface as the backup interface.

user@host# set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/24
user@host# set interfaces ge-0/0/1 unit 0 backup-options interface dl0.0


Results 


From configuration mode, confirm your configuration by entering the show interfaces dl0.0 command. If 
the output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


user@host>

Logical interface dl0.0 (Index 353) (SNMP ifIndex 559)
  Flags: Up Point-To-Point SNMP-Traps 0x4004000 Encapsulation: ENET2
  Dialer:
    State: Active, Dial pool: pool1
    Primary interface: ge-1/0/1.0 (Index 350)
    Dial strings: 1234
    Subordinate interfaces: cl-1/1/0 (Index 161)
    Activation delay: 0, Deactivation delay: 0
    Initial route check delay: 120
    Redial delay: 120
    Callback wait period: 5
    Load threshold: 0, Load interval: 60
  Input packets : 7
  Output packets: 10
  Protocol inet, MTU: 1490
    Max nh cache: 0, New hold nh limit: 0, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0
    Flags: Sendbcast-pkt-to-re, Negotiate-Address
    Addresses, Flags: Is-Preferred Is-Primary
De stelemcitetOntcaelsO Omen OlG OMA WC 20) noc cle mdO ORM NO OMG OM OteP aE rcOacdeclsicrmsO Ome Ono On oules) 


  Protocol inet6, MTU: 1490
    Max nh cache: 75000, New hold nh limit: 75000, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0
    Flags: Is-Primary, Negotiate-Address
    Addresses, Flags: Is-Preferred


Destine loncmese > O14, hocalmEccOre a0 Oh bboUmcineaclwiclOl 


Verification 


Verification of the configured profile 


Purpose 


Verify that the profile is configured successfully. 


Action 


From operational mode, run the show modem wireless profiles cl-1/0/0 slot 1 command. 


user@host> show modem wireless profiles cl-1/0/0 slot 1 


Profile details
  Max profiles: 16
  Default profile Id: 1

Profile 1: ACTIVE
  Valid: TRUE
  Access point name (APN): airtelgprs.com
  Authentication: None
  IP Version: IPV4V6
Profile 2: Inactive
  Valid: TRUE
  Access point name (APN): airtelgprs.com
  Authentication: None
  IP Version: IPV4
...


Meaning 


The output confirms the profile is active. 


Verification of status of the dialer interface 


Purpose 


Verify that the dialer interface is configured successfully. 


Action 


From operational mode, run the show interfaces dl0.0 command. 


user@host> show interfaces dl0.0 


Logical interface dl0.0 (Index 353) (SNMP ifIndex 559)
  Flags: Up Point-To-Point SNMP-Traps 0x4004000 Encapsulation: ENET2
  Dialer:
    State: Active, Dial pool: pool1
    Primary interface: ge-1/0/1.0 (Index 350)
    Dial strings: 1234
    Subordinate interfaces: cl-1/1/0 (Index 161)
    Activation delay: 0, Deactivation delay: 0
    Initial route check delay: 120
    Redial delay: 120
    Callback wait period: 5
    Load threshold: 0, Load interval: 60
  Input packets : 7
  Output packets: 10
  Protocol inet, MTU: 1490


Meaning


The output confirms that the interface dl0 is configured and active.


Verification of status of the modem network and modem firmware 


Purpose 
Verify that the wireless network is configured, check the firmware, and check whether the SIM is active.


Action


From operational mode, enter the show modem wireless network cl-1/0/0 command to verify the network status and the show modem wireless firmware cl-1/0/0 command to verify the firmware and SIM status. Alternatively, you can use the show configuration command to verify the complete status.


user@host> show modem wireless network cl-1/0/0

LTE Connection details
  Connected time: 147
  IP: 172.16.52.4
  Gateway: 172.16.52.5
  DNS: 123.123.123.123
  Input bps: 0
  Output bps: 0
  Bytes Received: 1308
  Bytes Transferred: 1164
  Packets Received: 10
  Packets Transferred: 10

Wireless Modem Network Info
  Current Modem Status: Connected
  Current Service Status: Normal
  Current Service Type: PS
  Current Service Mode: LTE
  Current Band: B3
  Network: UNICOM
  Mobile Country Code (MCC): 460
  Mobile Network Code (MNC): 1
  Location Area Code (LAC): 65534
  Routing Area Code (RAC): 0
  Cell Identification: 4865903
  Access Point Name (APN): abcde
  Public Land Mobile Network (PLMN): CHN-UNICOM
  Integrate Circuit Card Identity (ICCID): 89860114721100697502
  Reference Signal Receiving Power (RSRP): -97
  Reference Signal Receiving Quality (RSRQ): -16
  Signal to Interference-plus-Noise Ratio (SiNR): 0
  Signal Noise Ratio (SNR): 0
  Energy per Chip to Interference (ECIO): 0


Meaning


The output shows that the wireless modem network is connected and shows the IP address of the connected firmware.

Wi-Fi Mini Physical Interface Module (MPIM)


IN THIS SECTION


Wi-Fi Mini-Physical Interface Module Overview
Configure Wi-Fi Mini-PIM


The Wi-Fi Mini-Physical Interface Module (Mini-PIM) for SRX Series devices provides an integrated wireless access point (or wireless LAN) solution along with routing, switching, and security in a single device. The topics below describe the overview and configuration of the Wi-Fi Mini-PIM on SRX Series devices.


| Wi-Fi Mini-Physical Interface Module Overview 


The Wi-Fi Mini-Physical Interface Module (Wi-Fi Mini-PIM) for SRX320, SRX340, SRX345, SRX380, and SRX550M provides an integrated wireless access point (or wireless LAN) along with routing, switching, and security in a single device. The Mini-PIM is also supported in HA mode to provide redundancy. This is achieved by deploying two identical SRX devices and enabling chassis cluster between them. Wireless users are connected to the active interface in the redundancy group. The Mini-PIM supports the 802.11ac Wave 2 wireless standards and is backward compatible with 802.11a/b/g/n. You can use one of the three new models of the Wi-Fi Mini-PIM, based on the regional wireless standard requirements:

• SRX-MP-WAP-US: The model based on USA's wireless standard.
• SRX-MP-WAP-IL: The model based on Israel’s wireless standard.
• SRX-MP-WAP-WW: The model for other countries.


You cannot change the country code for the SRX-MP-WLAN-US and SRX-MP-WLAN-IL models as they are fixed. The Wi-Fi Mini-PIM can coexist with other Mini-PIMs supported on the SRX Series device. Table 36 provides a summary of the features supported on the Mini-PIM.


Typical deployments for the Wi-Fi Mini-PIM solution include:

• Secure wireless LAN connectivity to endpoint devices of corporate users at remote branch offices. 802.11ac, WPA2, 802.1X, and SSID-to-VLAN mapping features provide secure wireless LAN connectivity.
• Direct network connectivity to the enterprise Internet of Things (IoT) devices. The security features on the SRX Series devices secure the IoT devices.

See How to Install the Wi-Fi Mini-PIM for SRX Series Services Gateways for more information about how to install the Wi-Fi Mini-PIM.


Features Supported on the Wi-Fi Mini-PIM 


Table 36 lists the key features supported on the Wi-Fi Mini-PIM.


Table 36: Wi-Fi Mini-PIM Features

Feature: 2x2 MU-MIMO
Description: Enables transmission of data to multiple clients simultaneously.

Feature: Dual radios
Description: Both radios of 2.4 GHz and 5 GHz bands are simultaneously supported. The maximum supported speed is up to 1.2 Gbps.

Feature: Virtual access points (VAPs) and VLAN features
Description:
• Allows you to segment the WLAN into multiple broadcast domains that are the wireless equivalents of Ethernet VLANs. A single access point is segregated into multiple individual VAPs, simulating multiple access points in a single system.
• An access point supports multiple VLANs, which can be distributed across VAPs and radios.
• You can configure up to eight VAPs per radio. You can map up to 16 extended service set identifiers (ESSIDs) to individual VLANs.
• The VLANs from the Mini-PIM software map to VLANs on Junos OS.

Feature: Co-existence of interfaces
Description: The Wi-Fi Mini-PIM coexists with 4G LTE, VDSL, T1, and serial interfaces.

Feature: Client authentication methods
Description: Client authentication methods supported are Wi-Fi Protected Access (WPA) Enterprise (WPA2 standards) and Wi-Fi Protected Access (WPA) Personal (AES-CCMP cipher suites and WPA2 standards).


| Configure Wi-Fi Mini-PIM 


IN THIS SECTION 


Wireless LAN Interface in HA Mode
Configure Network Setting for the Wi-Fi Mini-PIM
Configure VLANS
Verification


You can configure the radios and virtual access points on the Wi-Fi Mini-PIM. This topic contains sections 
that describe the basic Wi-Fi Mini-PIM configuration at the wireless interface level. For more information 
about how to install a Wi-Fi Mini-PIM see How to Install the Wi-Fi Mini-PIM for SRX Series Services 
Gateways. 


Wireless LAN Interface in HA Mode 


To support HA for the WAP mPIM, you need to configure a chassis cluster setup with two wireless LAN interfaces, wl-x/0/0 and wl-y/0/0, where x indicates the slot in which the WAP mPIM is plugged in on node 0 and y indicates the slot in which the WAP mPIM is plugged in on node 1.


The wireless LAN interface works in L3 mode or L2 (switch) mode.


In L3 mode, the interfaces are configured as subordinate interfaces of a RETH interface using the command set interfaces wl-x/0/0 gigether-options redundant-parent reth-interface. You can add the RETH interface to one redundancy group and set the priority for each node in the redundancy group. Only one wireless LAN interface is active in the redundancy group, and the other one is inactive.


In L2 HA mode, you can build the SRX devices in chassis cluster mode with the WAP mPIM. The peer wireless LAN interfaces are configured in the same VLAN, and the wireless LAN interface on the master node of redundancy group zero is chosen as the active interface by default. In L2 mode (family ethernet-switching), the wireless LAN interface behaves like any other L2 switching port (trunk port).


The following sections describe how to configure the Wi-Fi Mini-PIM on your SRX Series device. 


Configure Network Setting for the Wi-Fi Mini-PIM 


Configure wl- interface 


The interface name for the Mini-PIM is denoted as wl-x/0/0, where x is the slot on the SRX Series Services 
Gateway in which the Mini-PIM is installed. The wl- interface is created automatically when you insert the 
Mini-PIM into the slot on the SRX Series device. 


To configure the wireless LAN interface: 


1. Define an interface for the Wi-Fi Mini-PIM.

[edit]
user@host# set interfaces wl-x/0/0 unit unit-number family inet address address

2. Configure the DHCP address pool.

[edit]
user@host# set access address-assignment pool pool-name family inet network ip-prefix
user@host# set access address-assignment pool pool-name family inet range range-name low lower-limit-address
user@host# set access address-assignment pool pool-name family inet range range-name high upper-limit-address
user@host# set access address-assignment pool pool-name family inet dhcp-attributes router router-address
user@host# set access address-assignment pool pool-name family inet dhcp-attributes name-server (address | hostname)
user@host# set system services dhcp-local-server group group-name interface wl-x/0/0.0

3. Configure the wireless interface to be part of a zone, assign the required security policies, and commit the configuration.


Configure access point 
To configure the access point associated with the wireless LAN interface wl-x/0/0: 


1. Configure the name of the wireless access point. 


[edit] 
user@host# set wlan access-point name interface wl-x/0/0 


2. Set the country code (applicable only for SRX-MP-WLAN-WW models of the Mini-PIM). 


NOTE: If you do not set the country code for the SRX-MP-WLAN-WW models, the Mini-PIM
considers the country code as US. The country code for the SRX-MP-WLAN-US and
SRX-MP-WLAN-IL models is set and cannot be changed.


[edit] 
user@host# set wlan access-point name access-point-options country country-code 


3. Set the physical location (location of your hardware device, example: 1st-floor).


[edit]
user@host# set wlan access-point name location location


4. Commit the configuration. 


Configure Radios


Every access point has two radios—radio 1 operates at 5-GHz bandwidth and radio 2 operates at 2.4-GHz 
bandwidth. A VAP is configured based on the radio. You can configure up to eight VAPs per radio and 
map up to 16 ESSIDs to individual VLANs. Wi-Fi Mini-PIM supports both the radios (2.4 and 5 GHz) to 
work simultaneously. You can also disable a radio. Table 37 on page 467 lists the modes supported on each 
radio. 


Table 37: Supported Modes on Wi-Fi Mini-PIM Radios


Radio                Supported Modes

Radio 1 (5.0 GHz)    an—802.11a and 802.11n clients operating on 5 GHz frequency can connect to the
                     access point
                     acn—802.11a, 802.11n and 802.11ac clients operating on 5 GHz frequency can
                     connect to the access point

Radio 2 (2.4 GHz)    gn—802.11g, 802.11b and 802.11n clients operating in 2.4 GHz frequency can connect
                     to the access point. This is the default mode for this radio.


To configure the radio: 


In countries where Dynamic Frequency Selection (DFS) is required, the Wi-Fi card performs appropriate 
checks for radar. DFS is enabled by default. If you set the channel number to auto, the access point selects 
the channel from the list of DFS and non-DFS channels. You can disable DFS by using the dfs-off option: 


set wlan access-point name radio 1 radio-options dfs-off 


NOTE: Only the 5 GHz radio (radio 1) supports DFS. 


For more information on DFS, see Channels and Frequencies Supported on the Wi-Fi Mini-PIM. 


1. Configure the radio mode. Radio 1 supports acn and an modes. Radio 2 supports only gn mode. Note 
that radio 1 operates at 5-GHz and radio 2 operates at 2.4-GHz. 


For radio 1: 


[edit] 
user@host# set wlan access-point name radio 1 radio-options mode (an | acn) 


For radio 2: 


[edit]
user@host# set wlan access-point name radio 2 radio-options mode gn


2. Configure the channel number. If you select auto, then the Mini-PIM chooses the channel automatically. 
By default, channel number is set to auto. 


[edit] 
user@host# set wlan access-point name radio (1 | 2) radio-options channel number (auto | channel-number) 


3. Configure the channel bandwidth. The default channel bandwidth is 20 MHz for the 2.4 GHz radio and
40 MHz for the 5 GHz radio. You can set 80 MHz as the channel bandwidth only for the 5 GHz radio,
not for the 2.4 GHz radio.


[edit] 
user@host# set wlan access-point name radio (1| 2) radio-options channel bandwidth (20 | 40 | 80) 


4. Configure the transmit power. You can configure the transmit power on a per-radio basis. 


NOTE: When you configure the transmit power, the Mini-PIM card fixes the transmit power
at the specified value, and the power by rate functionality does not work. For this reason,
it is recommended not to set the transmit power to a specified value. When you do not
configure the transmit power, the power by rate functionality works. If you configure the
transmit power percentage to 100, the Mini-PIM chooses the option "auto"; the behavior is
the same as when no transmit power is configured, and the power by rate functionality works.


[edit] 
user@host# set wlan access-point name radio (1| 2) radio-options transmit-power percent 


5. Commit the configuration. 


Configure Virtual Access Points (VAP)


VAPs allow segmentation of the wireless LAN into multiple broadcast domains that are the wireless 
equivalents of Ethernet VLANs. To configure the virtual access point: 


1. Configure the VAP settings.


[edit]
user@host# set wlan access-point name radio (1| 2) virtual-access-point id description description 


[edit] 
user@host# set wlan access-point name radio (1| 2) virtual-access-point id ssid ssid 


2. Configure either the WPA Enterprise or the WPA Personal authentication methods for the VAP. 


none—The data transferred between clients and the access point is not encrypted. Clients can associate 
with the access point without any authentication. 


[edit] 
user@host# set wlan access-point name radio (1| 2) virtual-access-point id security none 


wpa-enterprise—The device authenticates through an 802.1X-compliant RADIUS server.


[edit]
user@host# set wlan access-point name radio (1| 2) virtual-access-point id security wpa-enterprise cipher-suites ccmp
user@host# set wlan access-point name radio (1| 2) virtual-access-point id security wpa-enterprise radius-port port
user@host# set wlan access-point name radio (1| 2) virtual-access-point id security wpa-enterprise radius-key secret-key
user@host# set wlan access-point name radio (1| 2) virtual-access-point id security wpa-enterprise wpa-version v2


wpa-personal—The device uses preshared keys (PSKs) or a passphrase for authentication and
encryption.


[edit]
user@host# set wlan access-point name radio (1| 2) virtual-access-point id security wpa-personal cipher-suites ccmp
user@host# set wlan access-point name radio (1| 2) virtual-access-point id security wpa-personal key-type (ascii|hex)
user@host# set wlan access-point name radio (1| 2) virtual-access-point id security wpa-personal key key
user@host# set wlan access-point name radio (1| 2) virtual-access-point id security wpa-personal wpa-version v2


3. Configure and specify the upload and download rate limits on the Wi-Fi Mini-PIM. The range for
upload-limit and download-limit is from 256 Kbps to 1,048,576 Kbps.


[edit]
user@host# set wlan access-point name radio (1| 2) virtual-access-point id upload-limit upload-limit-rate 
user@host# set wlan access-point name radio (1| 2) virtual-access-point id download-limit download-limit-rate 


4. Specify the maximum number of clients that can be connected to the VAP.


[edit] 
user@host# set wlan access-point name radio (1| 2) virtual-access-point id maximum-stations number 


5. Commit the configuration. 


After the configuration is successfully completed, you can view the parameters by using the
show wlan access-points name detail command.


Configure VLANs


Configure VLANs based on VAP 


(Optional) A single access point is segregated into multiple individual virtual access points (VAPs) simulating 
multiple access points in a single system. The access point supports multiple VLANs. To configure the 
VLAN ID based on the VAP: 


1. Configure the VLAN for the wireless LAN interface (wl- interface). Follow the steps below to configure
the VLAN ID based on the VAP:


[edit]
user@host# set vlans vlan-name vlan-id vlan-id
user@host# set vlans vlan-name vlan-id-list vid-list
user@host# set interfaces wl-x/0/0 unit unit-number family ethernet-switching vlan members all


2. Set trunk mode on the wl- interface.


[edit]
user@host# set interfaces wl-x/0/0 unit unit-number family ethernet-switching interface-mode trunk


3. Set trunk mode for the native VLAN of the wl- interface.


[edit]
user@host# set interfaces wl-x/0/0 native-vlan-id vlan-id


4. Configure the access point for the wl- interface.


[edit] 
user@host# set wlan access-point name interface wl-x/0/0 


5. Configure all VAP parameters, including the radio mode, channel number, VAP SSID, and VAP VLAN
ID, on the Wi-Fi Mini-PIM.


[edit]
user@host# set wlan access-point name radio (1| 2) radio-options mode (an | gn | acn)
user@host# set wlan access-point name radio (1| 2) radio-options channel number (auto | channel-number)
user@host# set wlan access-point name radio (1| 2) virtual-access-point id ssid ssid
user@host# set wlan access-point name radio (1| 2) virtual-access-point id vlan vlan-id


6. Commit the configuration. 


Configure Multiple VLANs and SSIDs 


You can configure 8 VAPs on each radio, and each VAP is identified by its SSID. Up to 16 SSIDs can be
configured on the Wi-Fi Mini-PIM. You can map a VLAN to each SSID, or you can assign a single VLAN
to multiple SSIDs. The client connects to the VAP using the SSID and is associated with the VLAN that
is mapped to the SSID.


You can configure multiple SSIDs to provide varied levels of access to different devices and users. Here 
is a sample configuration for three different types of users connecting to different VAPs. Each VAP is 
associated with a different VLAN. 


Interface      VLAN ID   Address pool      VAP    SSID     Address pool
wl-2/0/0.0     100       junosDHCPPool                     192.168.2.0/24
wl-2/0/0.10    10        junosDHCPPool1    VAP1   VAP-10   192.168.10.0/24
wl-2/0/0.20    20        junosDHCPPool2    VAP2   VAP-20   192.168.20.0/24
wl-2/0/0.30    30        junosDHCPPool3    VAP3   VAP-30   192.168.30.0/24


1. Configure the interface to be part of the security zone.


user@host# set security zones security-zone trust interfaces wl-2/0/0.0


2. Configure a security zone.


user@host# set security zones security-zone trust host-inbound-traffic system-services dhcp


3. Enable the DHCP server on the interface and configure the address pool for the Wi-Fi interface:


user@host# set system services dhcp-local-server group jdhcp-group interface wl-2/0/0.0
user@host# set access address-assignment pool junosDHCPPool family inet network 192.168.2.0/24
user@host# set access address-assignment pool junosDHCPPool family inet range junosRange low 192.168.2.2
user@host# set access address-assignment pool junosDHCPPool family inet range junosRange high 192.168.2.254
user@host# set access address-assignment pool junosDHCPPool family inet dhcp-attributes router 192.168.2.1


4. Configure flexible VLAN tagging on the Wi-Fi interface:


user@host# set interfaces wl-2/0/0 flexible-vlan-tagging
user@host# set interfaces wl-2/0/0 native-vlan-id 100


5. Configure the VLANs:


user@host# set interfaces wl-2/0/0 unit 0 vlan-id 100
user@host# set interfaces wl-2/0/0 unit 0 family inet address 192.168.2.1/24


6. Repeat steps 2 through 5 for the wl-2/0/0.10, wl-2/0/0.20, and wl-2/0/0.30 interfaces.


7. Configure the access point settings:


user@host# set wlan access-point name interface wl-2/0/0
user@host# set wlan access-point name access-point-options country US
user@host# set wlan access-point name location California


8. Configure the radio settings:


For radio 1:


user@host# set wlan access-point name radio 1 radio-options mode acn
user@host# set wlan access-point name radio 1 radio-options channel number auto
user@host# set wlan access-point name radio 1 radio-options channel bandwidth 40


For radio 2:


user@host# set wlan access-point name radio 2 radio-options mode gn
user@host# set wlan access-point name radio 2 radio-options channel number auto
user@host# set wlan access-point name radio 2 radio-options channel bandwidth 40


9. Configure the VAPs.


VAP1:


user@host# set wlan access-point name radio 1 virtual-access-point 1 description VAP1
user@host# set wlan access-point name radio 1 virtual-access-point 1 ssid VAP-10
user@host# set wlan access-point name radio 1 virtual-access-point 1 vlan 10
user@host# set wlan access-point name radio 1 virtual-access-point 1 security wpa-personal cipher-suites ccmp
user@host# set wlan access-point name radio 1 virtual-access-point 1 security wpa-personal key-type ascii
user@host# set wlan access-point name radio 1 virtual-access-point 1 security wpa-personal key ascii-string
user@host# set wlan access-point name radio 1 virtual-access-point 1 security wpa-personal wpa-version v2
user@host# set wlan access-point name radio 1 virtual-access-point 1 upload-limit 1000
user@host# set wlan access-point name radio 1 virtual-access-point 1 download-limit 1000
user@host# set wlan access-point name radio 1 virtual-access-point 1 maximum-stations 70


VAP2:


user@host# set wlan access-point name radio 1 virtual-access-point 2 description VAP2
user@host# set wlan access-point name radio 1 virtual-access-point 2 ssid VAP-20
user@host# set wlan access-point name radio 1 virtual-access-point 2 vlan 20
user@host# set wlan access-point name radio 1 virtual-access-point 2 security wpa-personal cipher-suites ccmp
user@host# set wlan access-point name radio 1 virtual-access-point 2 security wpa-personal key-type ascii
user@host# set wlan access-point name radio 1 virtual-access-point 2 security wpa-personal key ascii-string
user@host# set wlan access-point name radio 1 virtual-access-point 2 security wpa-personal wpa-version v2
user@host# set wlan access-point name radio 1 virtual-access-point 2 upload-limit 1000
user@host# set wlan access-point name radio 1 virtual-access-point 2 download-limit 1000
user@host# set wlan access-point name radio 1 virtual-access-point 2 maximum-stations 80


VAP3:


user@host# set wlan access-point name radio 2 virtual-access-point 3 description VAP3
user@host# set wlan access-point name radio 2 virtual-access-point 3 ssid VAP-30
user@host# set wlan access-point name radio 2 virtual-access-point 3 vlan 30
user@host# set wlan access-point name radio 2 virtual-access-point 3 security wpa-personal cipher-suites ccmp
user@host# set wlan access-point name radio 2 virtual-access-point 3 security wpa-personal key-type ascii
user@host# set wlan access-point name radio 2 virtual-access-point 3 security wpa-personal key ascii-string
user@host# set wlan access-point name radio 2 virtual-access-point 3 security wpa-personal wpa-version v2
user@host# set wlan access-point name radio 2 virtual-access-point 3 upload-limit 1000
user@host# set wlan access-point name radio 2 virtual-access-point 3 download-limit 1000
user@host# set wlan access-point name radio 2 virtual-access-point 3 maximum-stations 70


10. Commit the configuration.


user@host# commit
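

The limits this section states (radio 1 accepts only an or acn and radio 2 only gn, 80 MHz only on the 5 GHz radio, rate limits of 256 to 1,048,576 Kbps, eight VAPs per radio, a fixed transmit power disabling power by rate, and security none leaving traffic unencrypted) can be checked offline before you commit. The following Python script is an added example, not Juniper code; the access point name ap1, the sample statements, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Limits stated in this section of the guide.
RADIO_MODES = {"1": {"an", "acn"}, "2": {"gn"}}
MAX_VAPS_PER_RADIO = 8
RATE_MIN_KBPS, RATE_MAX_KBPS = 256, 1_048_576

# "set wlan access-point <name> radio <n> ...", with or without a CLI prompt.
SET_RADIO = re.compile(
    r"^(?:\S+[#>]\s*)?set wlan access-point (?P<ap>\S+) radio (?P<radio>\S+) (?P<rest>.+)$"
)

# Constructed sample input (not taken from a real device).
SAMPLE_CONFIG = """\
user@host# set wlan access-point ap1 radio 1 radio-options mode acn
user@host# set wlan access-point ap1 radio 2 radio-options mode an
user@host# set wlan access-point ap1 radio 2 radio-options channel bandwidth 80
user@host# set wlan access-point ap1 radio 1 radio-options transmit-power 60
set wlan access-point ap1 radio 1 virtual-access-point 1 ssid VAP-10
set wlan access-point ap1 radio 1 virtual-access-point 1 security wpa-personal cipher-suites ccmp
set wlan access-point ap1 radio 1 virtual-access-point 1 upload-limit 1000
set wlan access-point ap1 radio 1 virtual-access-point 2 ssid GUEST
set wlan access-point ap1 radio 1 virtual-access-point 2 security none
set wlan access-point ap1 radio 1 virtual-access-point 2 download-limit 128
set wlan access-point ap1 radio 2 virtual-access-point 3 ssid VAP-30
"""


def check_radio_options(radio, opts):
    """Yield a message for each radio-options statement that contradicts the guide."""
    if opts[:1] == ["mode"] and len(opts) > 1:
        if opts[1] not in RADIO_MODES.get(radio, set()):
            yield f"mode {opts[1]} is not supported on radio {radio}"
    elif opts[:2] == ["channel", "bandwidth"] and len(opts) > 2:
        if opts[2] == "80" and radio != "1":
            yield "80 MHz bandwidth is only available on the 5 GHz radio (radio 1)"
    elif opts[:1] == ["transmit-power"] and len(opts) > 1 and opts[1] != "100":
        yield f"fixed transmit-power {opts[1]} disables power by rate"


def audit_wlan(config_text):
    """Return findings as (access_point, radio, vap_id, message).

    vap_id is "" for findings that apply to the whole radio.
    """
    findings = []
    vaps = defaultdict(dict)  # (ap, radio, vap id) -> {"ssid": True, "security": method}
    for raw in config_text.splitlines():
        m = SET_RADIO.match(raw.strip())
        if not m:
            continue
        ap, radio, words = m["ap"], m["radio"], m["rest"].split()
        if words[0] == "radio-options":
            findings += [(ap, radio, "", msg) for msg in check_radio_options(radio, words[1:])]
        elif words[0] == "virtual-access-point" and len(words) >= 3:
            vap, opt, args = words[1], words[2], words[3:]
            state = vaps[(ap, radio, vap)]
            if opt == "ssid":
                state["ssid"] = True
            elif opt == "security" and args:
                state["security"] = args[0]
            elif opt in ("upload-limit", "download-limit") and args:
                value = args[0]
                if not value.isdigit() or not RATE_MIN_KBPS <= int(value) <= RATE_MAX_KBPS:
                    findings.append(
                        (ap, radio, vap, f"{opt} {value} is outside the 256-1048576 Kbps range")
                    )

    per_radio = defaultdict(int)
    for (ap, radio, vap), state in vaps.items():
        per_radio[(ap, radio)] += 1
        if state.get("security") == "none":
            findings.append((ap, radio, vap, "security none: traffic is unencrypted and "
                             "clients associate without authentication"))
        elif state.get("ssid") and "security" not in state:
            findings.append((ap, radio, vap, "SSID set but no wpa-enterprise or "
                             "wpa-personal security configured"))
    for (ap, radio), count in per_radio.items():
        if count > MAX_VAPS_PER_RADIO:
            findings.append(
                (ap, radio, "", f"{count} VAPs configured; the limit is {MAX_VAPS_PER_RADIO} per radio")
            )
    return findings


if __name__ == "__main__":
    for ap, radio, vap, message in audit_wlan(SAMPLE_CONFIG):
        where = f"{ap} radio {radio}" + (f" VAP {vap}" if vap else "")
        print(f"{where}: {message}")
```

Statements that do not begin with set wlan access-point name radio, such as the interface and location lines, are ignored by the check.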


Configure WPA enterprise authentication 


(Optional) Wi-Fi Protected Access (WPA) enterprise is a Wi-Fi Alliance standard that uses RADIUS server
authentication with the AES-CCMP cipher suite. With this mode, you can use high-security encryption
along with centrally managed user authentication. Only the WPA2 standard is supported. To configure
the WPA enterprise authentication:


1. Configure the address book and assign a security zone.


[edit]
user@host# set security address-book book-name address address-name ip-prefix
user@host# set security address-book book-name attach zone trust
user@host# set security address-book book-name attach zone dot1x


2. Configure security source rule-set from trust zone to the WPA authentication.


[edit]
user@host# set security nat source rule-set rule-set-name from zone trust
user@host# set security nat source rule-set rule-set-name to zone dot1x


3. Configure the security source to match the source and destination address.


[edit]
user@host# set security nat source rule-set rule-set-name rule rule-name match source-address ip-address
user@host# set security nat source rule-set rule-set-name rule rule-name match destination-address ip-address


4. Configure the UDP protocol and security source on the interface. 


[edit] 
user@host# set security nat source rule-set rule-set-name rule rule-name match protocol udp 
user@host# set security nat source rule-set rule-set-name rule rule-name then source-nat interface 


5. Assign the security policies to the source and destination address. 


[edit]
user@host# set security policies from-zone trust to-zone dot1x policy internet-access match source-address ip-address
user@host# set security policies from-zone trust to-zone dot1x policy internet-access match destination-address ip-address
user@host# set security policies from-zone trust to-zone dot1x policy internet-access match application any
user@host# set security policies from-zone trust to-zone dot1x policy internet-access then permit


6. Commit the configuration. 


After the configuration is successfully completed, you can view the parameters by using the
show wlan access-points name virtual-access-points command.


Verification 


Purpose 


Display information about the parameters configured on the Wi-Fi Mini-PIM. 


Action


• To display the details of all the access points configured on the Mini-PIM:


user@host> show wlan access-points


Active access points information

Access-Point    Type    Interface    Radio-mode/Channel
i03-22-ap       Int     wl-1/0/0     Ciif2, ain/ 57


• To display the status of the specific access point:


user@host> show wlan access-point i03-22-ap detail


Active access point detail information

Access Point          i03-22-ap
Type                  Internal
Location              EAESE Wiloor, Builekme 8
Serial Number         850001809
Firmware Version      LO oto 368
Alternate Version     IW odo Sot
Country               US
Access Interface      wl-1/0/0
Packet Capture        Disabled
Ethernet Port:
  MAC Address         OOcidas ler iee Os ai
  IPv4 Address        192 168.1. 5
Radio1:
  Status              On
  MAC Address         Os lrg l2gaOs say 20
  Mode                IEEE 802.11a/n
  Channel             124 (5620 MHz)
Radio2:
  Status              On
  MAC Address         Q00:1F:12:H0:84:30
  Mode                IEEE 802.11g/n
  Channel             3 (2422 MHz)


SEE ALSO


wlan


Configuring 1-Port Clear Channel DS3/E3 GPIM


IN THIS SECTION


Example: Configuring the 1-Port Clear-Channel DS3/E3 GPIM for M23 Mapping Mode


The 1-Port Clear Channel DS3/E3 GPIM is a channel interface that can support full-duplex DS3 (T3) or
E3 line rates. The topics below give an overview of the interface and examples of how to configure the
1-Port Clear Channel DS3/E3 GPIM for DS3 port mode, E3 port mode, and M23 mapping mode, respectively.


Understanding the 1-Port Clear Channel DS3/E3 GPIM


IN THIS SECTION


Supported Features
Interface Naming
Physical Interface Settings
Logical Interface Settings


The 1-Port Clear Channel DS3/E3 Gigabit-Backplane Physical Interface Module (GPIM) for the device 
functions as a clear channel interface that can support full-duplex DS3 (T3) or E3 line rates of 44.796 or 
34.368 Mbps, respectively. The DS3/E3 interface is a popular high-bandwidth WAN interface for large 
enterprise branch locations that enables high-quality voice, video, and data applications with reduced 
latency. The GPIM device does not support channelization, but it supports a subrate DS3/E3 configuration. 


This topic includes the following sections: 


Supported Features


The clear channel implementation provides such features as subrate and scrambling options used by major
DSU vendors. The following key features are available depending on the interface and mode selections:


• Framed and unframed DS3 (default) and E3 port modes
• Support for frame relay, point-to-point, and HDLC serial encapsulation protocols
• Support for popular vendor algorithms for subrate and payload scrambling
• Support for generation and detection of loopback control codes (line-loopback activate and deactivate)
  and FEAC codes
• External and internal clocking support
• Support for DS3 and E3 network alarms
• Support for chassis clusters
• Support for anti-counterfeit check
• Loopback (local, remote, and payload) and BERT/PRBS/QRSS diagnostics support
• MTU size of 4474 bytes (default) and 9192 bytes (maximum)


Interface Naming 


The following format represents the 1-Port Clear Channel DS3/E3 GPIM interface names: 


type-fpc/pic/port 


where:

• type—Media type (T3 or E3)
• fpc—Number of the Flexible PIC Concentrator (FPC) card on which the physical interface is located
• pic—Number of the PIC on which the physical interface is located
• port—Specific port on the PIC


Examples: t3-1/0/0 and e3-2/0/0 


Physical Interface Settings 


The 1-Port Clear Channel DS3/E3 GPIM supports IP configurations. Using the CLI, you can configure the 
1-Port Clear Channel DS3/E3 GPIM to operate in either DS3 or E3 mode. By default, at installation the 
physical interface, t3-x/y/z, is enabled on the GPIM port operating in DS3 mode with T3 framing. 
You can reset the mode of the physical interface to E3 using the edit chassis command:


[edit]
user@host# set chassis fpc 1 pic 0 port 0 framing e3


Logical Interface Settings 


The logical interface for the device is determined by setting the t3-options or e3-options of the edit
interfaces command.


You can specify the MTU size for the GPIM interface. Junos OS supports an MTU value of 4474 bytes for 
the default value or up to 9192 bytes for maximum jumbo GPIM implementations. 


Table 13 on page 90 identifies network interface specifications for DS3 or E3 modes. 


Table 38: 1-Port Clear Channel DS3/E3 GPIM Interface Options


Network Interface Specifications

Line encoding
  DS3 Mode: B3ZS
  E3 Mode: HDB3

Framing
  DS3 Mode:
    • C-bit parity (default)
    • M23
  E3 Mode: G.751 (default)

Subrate and scrambling
  DS3 Mode: Vendor algorithms supported:
    • Adtran
    • Digital Link
    • Kentrox
    • Larscom
    • Verilink
  E3 Mode: Vendor algorithms supported:
    • Digital Link
    • Kentrox

Network alarms
  DS3 Mode: Supported in accordance with the ANSI specification:
    • Loss of signal (LOS)
    • Out of frame (OOF)
    • Loss of frame (LOF)
    • Alarm identification signal (AIS)
    • Remote defect identification (RDI)
  E3 Mode: Supported in accordance with the ITU-T specification:
    • Loss of signal (LOS)
    • Out of frame (OOF)
    • Alarm identification signal (AIS)
    • Remote defect identification (RDI)
    • Phase-locked loop (PLL)

Error counters
  DS3 Mode: Incremented during a periodic 1-second polling routine:
    • Line code violations (LCV)
    • P-bit code violations (PCV)
    • C-bit code violations (CCV)
    • Line errored seconds (LES)
    • P-bit errored seconds (PES)
    • C-bit errored seconds (CES)
    • Severely errored framing seconds (SEFS)
    • P-bit severely errored seconds (PSES)
    • C-bit severely errored seconds (CSES)
    • Unavailable seconds (UAS)
  E3 Mode: Incremented during a periodic 1-second polling routine:
    • Frame alignment error (FAE)
    • Bipolar coding violations (BCV)
    • Excessive zeros (EXZ)
    • Line code violations (LCV)
    • Line errored seconds (LES)
    • Severely errored framing seconds (SEFS)
    • Unavailable seconds (UAS)

HDLC Features

MTU
  DS3 Mode: Default (4474 bytes) or maximum jumbo (up to 9192 bytes)
  E3 Mode: Default (4474 bytes) or maximum jumbo (up to 9192 bytes)

Shared flag
  DS3 Mode: Supported
  E3 Mode: Supported

Idle flag/fill (0x7e or all ones)
  DS3 Mode: Supported
  E3 Mode: Supported

Counters
  DS3 Mode: Runts, giants
  E3 Mode: Runts, giants


SEE ALSO


Interface Naming Conventions


Example: Configuring the 1-Port Clear-Channel DS3/E3 GPIM for DS3 Port Mode


IN THIS SECTION


Requirements
Overview
Configuration


This example configures the GPIM in the DS3 (T3) operation mode. 


Requirements 


Before you begin: 


• Install the device as specified in the SRX Series Services Physical Interface Modules Hardware Guide.


Overview 


This example configures the basic T3 interface and modifies the framing to C-bit parity mode. 


Configuration 


Step-by-Step Procedure 
To configure the GPIM: 


1. Verify the installation, location, and status of the GPIM. In this example, the GPIM is installed in slot
8/PIC 0 and is currently online.


user@host> show chassis fpc pic-status


Slot 0 Online FPC
PIC 0 Online 4x GE Base PIC
Slot 2 Offline FPC
Slot 5 Offline FPC
Slot 6 Online FPC
PIC 0 Online 4x CT1E1 gPIM
Slots (Orme ince Hee
Slot 8 Online FPC
PLC © Omiliine ike CwWR Cal W3/im0S}


2. Set the IP address for the logical interface.


[edit]
user@host# set interfaces t3-8/0/0 unit 0 family inet address interface 192.107.1.230/24


3. Set the MTU value to 9018.


[edit]
user@host# set interfaces t3-8/0/0 unit 0 family inet mtu 9018


4. Set the framing mode.


[edit]
user@host# set interfaces t3-8/0/0 t3-options cbit-parity


5. Enable the unframed DS3 mode.


[edit]
user@host# set interfaces t3-8/0/0 t3-options unframed


6. If you are done configuring the device, commit the configuration.


[edit]
user@host# commit


7. To verify the configuration for your device, enter the following operational command:


user@host> show interfaces t3-8/0/0 extensive


Example: Configuring the 1-Port Clear Channel DS3/E3 GPIM for E3 Port Mode


IN THIS SECTION


Requirements
Overview
Configuration


This example modifies the default configuration for an E3 environment. 


Requirements 


Before you begin: 


• Install the device as specified in the SRX Series Services Physical Interface Modules Hardware Guide.


Overview 


This example configures the basic E3 interface. 


Configuration 


Step-by-Step Procedure 
To configure the GPIM in E3 framing: 


1. Verify the installation, location, and status of the GPIM. In this example, the GPIM is installed in slot
8/PIC 0 and is currently online.


user@host> show chassis fpc pic-status


Slot 0 Online FPC
PIC 0 Online 4x GE Base PIC
Slot 2 Offline FPC
Slot 5 Offline FPC
Slot 6 Online FPC
PIC 0 Online 4x CT1E1 gPIM
Slots (Orme ince Hee
Slot 8 Online FPC
PLC © Omiline ike Cw Cal W/m)


2. Change to E3 port mode.


[edit]
user@host# set chassis fpc 8 pic 0 port 0 framing e3


3. Reset the MTU value to 3474.


[edit]
user@host# set interfaces e3-8/0/0 unit 0 family inet mtu 3474


4. Enable the unframed mode.


[edit]
user@host# set interfaces e3-8/0/0 e3-options unframed


5. If you are done configuring the device, commit the configuration.


[edit]
user@host# commit


6. To verify the configuration for your device, enter the following operational command:


user@host> show interfaces e3-8/0/0 extensive


Example: Configuring the 1-Port Clear-Channel DS3/E3 GPIM for M23 Mapping Mode


IN THIS SECTION


Requirements
Overview
Configuration


The following example configures the GPIM in DS3 with M23 mapping mode. Note that M23 mapping 
does not provide C-bit parity. 


Requirements 


Before you begin: 


• Install the device as specified in the SRX Series Services Physical Interface Modules Hardware Guide.


Overview 


This example configures the basic T3 interface and modifies the framing to M23 mode without C-bit parity. 


Configuration 


Step-by-Step Procedure 
To configure the GPIM: 


1. Verify the installation, location, and status of the GPIM. In this example, the GPIM is installed in slot
8/PIC 0 and is currently online.


user@host> show chassis fpc pic-status


Slot 0 Online FPC
PIC 0 Online 4x GE Base PIC
Slot 2 Offline FPC
Slot 5 Offline FPC
Slot 6 Online FPC
PIC 0 Online 4x CT1E1 gPIM
Sloe 7 Wie ilaioe 1i2Xe
Slot 8 Online FPC
Pe © Omilime ik CUR Csi W3/in3


2. Set the IP address for the logical interface.


[edit]
user@host# set interfaces t3-8/0/0 unit 0 family inet address interface 192.107.1.230/24


3. Set the MTU value to 9018.


[edit]
user@host# set interfaces t3-8/0/0 unit 0 family inet mtu 9018


4. Set the framing mode.


[edit]
user@host# set interfaces t3-8/0/0 t3-options m23


5. Disable C-bit parity for M23 mode.


[edit]
user@host# set interfaces t3-8/0/0 t3-options no-cbit-parity


6. If you are done configuring the device, commit the configuration.


[edit]
user@host# commit


7. To verify the configuration for your device, enter the following operational command:


user@host> show interfaces t3-8/0/0 extensive


Configuring 3G Wireless Modems for WAN Connections


IN THIS SECTION


3G Wireless Modem Overview
3G Wireless Modem Configuration Overview
Understanding the Dialer Interface
Example: Configuring the Dialer Interface
Understanding the 3G Wireless Modem Physical Interface
Example: Configuring the 3G Wireless Modem Interface
Understanding the GSM Profile
Example: Configuring the GSM Profile
Unlocking the GSM 3G Wireless Modem


The topics below discuss the overview and configuration of 3G Wireless Modem, dialer interface, and 3G
Wireless Modem physical interface.


3G Wireless Modem Overview 


3G refers to the third generation of mobile phone standards and technology based on the International 
Telecommunication Union (ITU) International Mobile Telecommunications-2000 (IMT-2000) global standard. 


3G networks are wide area cellular telephone networks that have evolved to include high-data rate services 
of up to 3 Mbps. This increased bandwidth makes 3G networks a viable option as primary or backup wide 
area network (WAN) links for a branch office. 


Juniper Networks security devices support 3G wireless interfaces (USB-based 3G modems). When used
in a branch office, these devices can provide dial-out services to PC users and forward IP traffic through
a service provider's cellular network.


Figure 28 on page 489 illustrates a basic setup for 3G wireless connectivity for two branch offices. Branch
Office A has a T1 leased line as the primary wide area network (WAN) link and a 3G wireless modem
connection as the failover link. Branch Office B uses the 3G wireless modem connection as the primary
WAN link.


Figure 28: Wireless WAN Connections for Branch Offices


3G Wireless Modem Configuration Overview


Before you begin: 


1. Install your SRX Series device and establish basic connectivity for your device. For more information, 
see the SRX Series Hardware Guide for your device. 


2. Obtain a supported 3G wireless modem card for the device. 


3. Establish an account with a cellular network service provider. Contact your service provider for more 
information. 


4. With the services gateway powered off, insert the 3G wireless modem card into the ExpressCard slot
(SRX320 devices) or 3G USB modems (SRX300 devices). Power on the device. The EXPCARD LED (for
SRX320) and 3G LED (SRX320) on the front panel of the device indicate the status of the 3G wireless
modem interface.


WARNING: The device must be powered off before you insert the 3G wireless modem card in the
ExpressCard slot (SRX320) or integrated 3G USB modem (SRX320). Do not insert or remove the card
when the device is powered on.


To configure and activate the 3G wireless modem card: 


1. Configure a dialer interface. See “Example: Configuring the Dialer Interface” on page 493. 


2. Configure the 3G wireless modem interface. See “Example: Configuring the 3G Wireless Modem 
Interface” on page 501. 


3. Configure security zones and policies, as needed, to allow traffic through the WAN link. See Example: 
Creating Security Zones. 


To use the 3G USB modems on the SRX210 device: 


1. Upgrade the BIOS software packaged inside the Junos OS image. For detailed information about BIOS 
upgrade procedures, see the Software Installation and Upgrade Guide. 


NOTE: You need BIOS version 2.1 or higher to use the 3G USB modems on the SRX210
device.


2. Configure the WAN port using the CLI command set chassis routing-engine usb-wwan port 1 to enable 
the USB port to use the U319 USB modem. 


3. Plug the 3G USB modem into the appropriate USB slot (USB port 1) on the device.


NOTE: You can use the USB modem with a standard USB extension cable of 1.8288 meters 
(6 ft) or longer. 


4. Reboot the device to start using the 3G USB modem. 


| Understanding the Dialer Interface


IN THIS SECTION


Dialer Interface Configuration Rules
Dialer Interface Authentication Support for GSM HSDPA 3G Wireless Modems
Dialer Interface Functions
Dialer Interface Operating Parameters


The dialer interface, dln, is a logical interface for configuring properties for modem connections. You can 
configure multiple dialer interfaces on an SRX Series device. A dialer interface and a dialer pool (which 
includes the physical interface) are bound together in a dialer profile. 


The dialer interface for 3G wireless modems is no longer supported on SRX300, SRX320, SRX340, SRX345, 
SRX380, and SRX550HM devices. 


This topic contains the following sections: 


Dialer Interface Configuration Rules 


The following rules apply when you configure dialer interfaces for 3G wireless modem connections: 


• The dialer interface must be configured to use the default Point-to-Point Protocol (PPP) encapsulation.
You cannot configure Cisco High-Level Data Link Control (HDLC) or Multilink PPP (MLPPP) encapsulation
on dialer interfaces.

• You cannot configure the dialer interface as a constituent link in a multilink bundle.

• You cannot configure any dial-in options for the dialer interface.


You configure the following for a dialer interface: 


• A dialer pool to which the physical interface belongs.

• Source IP address for the dialer interface.

• Dial string (optional) is the destination number to be dialed.

• Authentication, for GSM HSDPA 3G wireless modem cards.

• Watch list, if the dialer interface is a backup WAN link.


With GSM HSDPA 3G wireless modem cards, you might need to configure PAP or CHAP for authentication 
with the service provider network. The service provider must supply the username and password, which 
you configure in an access profile. You then specify the access profile in a dialer interface. 


Next you set the dialer interface as a backup WAN link to a primary interface. Then you create a dialer 
watch to enable the device to monitor the route to a head office router and set a dialer pool. Finally, you 
create a dialer filter firewall rule for traffic from the branch office to the main office router and associate 
the dialer filter with a dialer interface. 


Dialer Interface Authentication Support for GSM HSDPA 3G Wireless Modems 


For GSM HSDPA 3G wireless modems, you configure a dialer interface to support authentication through 
Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP). 


CHAP is a server-driven, three-step authentication method that depends on a shared secret password 
that resides on both the server and the client. When you enable CHAP on a dialer interface, the device 
can authenticate its peer and be authenticated by its peer. 


PAP allows a simple method for a peer to establish its identity using a two-way handshake during initial 
link establishment. After the link is established, an identification and password pair is repeatedly sent by 
the peer to the authenticator until authentication is acknowledged or the connection is terminated. 
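

The CHAP and PAP exchanges described above, written out as RFC 1994 and RFC 1334 packets. This is an added example, not Juniper code; the function and class names are hypothetical, and clientX and 7a*6b%5c are the sample client name and secret used in the configuration examples in this guide.

```python
import hashlib
import hmac
import os
import struct

def pap_authenticate_request(ident, peer_id, password):
    """RFC 1334 Authenticate-Request (code 1): ID and password are sent as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def read_pap_request(pkt):
    """Recover (peer_id, password) the way the authenticator, or anyone
    capturing the link, would."""
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 1 or length != len(pkt):
        raise ValueError("not a PAP Authenticate-Request")
    id_len = pkt[4]
    pw_len = pkt[5 + id_len]
    return pkt[5:5 + id_len], pkt[6 + id_len:6 + id_len + pw_len]

def chap_packet(code, ident, value, name):
    """RFC 1994 Challenge (code 1) / Response (code 2) layout."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def split_chap_packet(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    size = pkt[4]
    return code, ident, pkt[5:5 + size], pkt[5 + size:length]

def chap_md5(ident, secret, challenge):
    """CHAP with MD5: hash of identifier || shared secret || challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class ChapAuthenticator:
    """Server side: issues the challenge (step 1) and checks the response (step 3)."""
    def __init__(self, secrets):
        self.secrets = secrets      # name -> shared secret
        self.pending = {}           # identifier -> outstanding challenge

    def challenge(self, ident, name=b"provider"):
        value = os.urandom(16)      # fresh and unpredictable for every attempt
        self.pending[ident] = value
        return chap_packet(1, ident, value, name)

    def verify(self, response_pkt):
        code, ident, value, name = split_chap_packet(response_pkt)
        challenge = self.pending.pop(ident, None)   # each challenge is single use
        secret = self.secrets.get(name)
        if code != 2 or challenge is None or secret is None:
            return False
        return hmac.compare_digest(value, chap_md5(ident, secret, challenge))

def chap_respond(challenge_pkt, name, secret):
    """Client side (step 2): answer the challenge without sending the secret."""
    _code, ident, challenge, _server = split_chap_packet(challenge_pkt)
    return chap_packet(2, ident, chap_md5(ident, secret, challenge), name)

def demo():
    name, secret = b"clientX", b"7a*6b%5c"      # sample values from this guide
    pap = pap_authenticate_request(1, name, secret)
    auth = ChapAuthenticator({name: secret})
    challenge = auth.challenge(1)
    response = chap_respond(challenge, name, secret)
    accepted = auth.verify(response)
    auth.challenge(1)                            # new challenge, same identifier
    replay_accepted = auth.verify(response)      # captured response sent again
    wrong = auth.verify(chap_respond(auth.challenge(2), name, b"guess"))
    return {
        "pap_password_on_wire": read_pap_request(pap)[1] == secret,
        "chap_secret_on_wire": secret in challenge + response,
        "chap_accepted": accepted,
        "chap_replay_accepted": replay_accepted,
        "wrong_secret_accepted": wrong,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The PAP request carries the password byte for byte, while the CHAP packets carry only a random challenge and a hash bound to it, so a captured CHAP response does not authenticate against a later challenge.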


Dialer Interface Functions 


The dialer interface can perform backup, dialer filter, and dialer watch functions, but these operations are 
mutually exclusive. You can configure a single dialer interface to operate in only one of the following ways: 


• As a backup interface for a single primary WAN connection. The dialer interfaces are activated only
when the primary interface fails. The 3G wireless modem backup connectivity is supported on all interfaces
except lsq-0/0/0.


• As a dialer filter. The dialer filter enables the 3G wireless modem connection to be activated only when
specific network traffic is sent on the backup WAN link. You configure a firewall rule with the dialer
filter option, and then apply the dialer filter to the dialer interface.


• As a dialer watch interface. With dialer watch, the SRX Series device monitors the status of a specified
route and if the route disappears, the dialer interface initiates the 3G wireless modem connection as a
backup connection. To configure dialer watch, you first add the routes to be monitored to a watch list
in a dialer interface; specify a dialer pool for this configuration. Then configure the 3G wireless modem
interface to use the dialer pool.


Dialer Interface Operating Parameters 


You can also specify optional operating parameters for the dialer interface: 


• Activation delay—Number of seconds after the primary interface is down before the backup interface
is activated. The default value is 0 seconds, and the maximum value is 60 seconds. Use this option only
if dialer watch is configured.


• Deactivation delay—Number of seconds after the primary interface is up before the backup interface is
deactivated. The default value is 0 seconds, and the maximum value is 60 seconds. Use this option only
if dialer watch is configured.


• Idle timeout—Number of seconds the connection remains idle before disconnecting. The default value
is 120 seconds, and the range is from 0 to 4,294,967,295 seconds.


• Initial route check—Number of seconds before the primary interface is checked to see if it is up. The
default value is 120 seconds, and the range is from 1 to 300 seconds.
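

An offline check of set commands against the dialer interface configuration rules, the mutually exclusive functions, and the parameter ranges listed above. This is an added example, not Juniper tooling: audit_dialer_config and the sample configuration are constructed, and the activation-delay, deactivation-delay, idle-timeout, initial-route-check, and family inet filter dialer statement names are assumed from the Junos dialer-options and filter hierarchies rather than taken from this page.

```python
import re

# Limits quoted from the operating parameters list above (seconds).
RANGES = {
    "activation-delay": (0, 60),
    "deactivation-delay": (0, 60),
    "idle-timeout": (0, 4294967295),
    "initial-route-check": (1, 300),
}

def audit_dialer_config(set_lines):
    """Return a list of (dialer interface, finding) for the given set commands."""
    encaps, roles, params, auth = {}, {}, {}, {}
    for line in set_lines:
        tok = line.split()
        if tok[:2] != ["set", "interfaces"] or len(tok) < 4:
            continue
        ifname, rest = tok[2], tok[3:]
        follows = dict(zip(rest, rest[1:]))      # keyword -> token after it
        # A primary interface names its backup as dl0 or dl0.0.
        if "backup-options" in rest and "interface" in follows:
            dl = follows["interface"].split(".")[0]
            roles.setdefault(dl, set()).add("backup")
            continue
        if not re.fullmatch(r"dl\d+", ifname):
            continue
        if "encapsulation" in follows:
            encaps[ifname] = follows["encapsulation"]
        if "watch-list" in rest:
            roles.setdefault(ifname, set()).add("dialer-watch")
        if follows.get("filter") == "dialer":    # assumed apply syntax
            roles.setdefault(ifname, set()).add("dialer-filter")
        for key in RANGES:
            if key in follows:
                params.setdefault(ifname, {})[key] = int(follows[key])
        if follows.get("ppp-options") in ("pap", "chap"):
            auth.setdefault(ifname, set()).add(follows["ppp-options"])

    findings = []
    for dl in sorted(set(encaps) | set(roles) | set(params) | set(auth)):
        enc = encaps.get(dl, "ppp")              # PPP is the default encapsulation
        if enc != "ppp":
            findings.append((dl, f"encapsulation {enc} is not allowed; dialer interfaces use PPP"))
        used = roles.get(dl, set())
        if len(used) > 1:
            findings.append((dl, "mutually exclusive functions combined: " + ", ".join(sorted(used))))
        for key, val in sorted(params.get(dl, {}).items()):
            lo, hi = RANGES[key]
            if not lo <= val <= hi:
                findings.append((dl, f"{key} {val} is outside {lo}-{hi}"))
            if key.endswith("activation-delay") and "dialer-watch" not in used:
                findings.append((dl, f"{key} is set but dialer watch is not configured"))
        if "pap" in auth.get(dl, set()):
            findings.append((dl, "PAP sends the password in cleartext; use CHAP if the provider supports it"))
    return findings

# Constructed sample: dl0 mixes backup and dialer watch, dl1 breaks the
# encapsulation rule, dl2 is clean.
SAMPLE = """
set interfaces dl0 description 3g-wireless encapsulation ppp unit 0 dialer-options pool 1 dial-string 14691
set interfaces dl0 unit 0 ppp-options pap access-profile pap-1
set interfaces ge-0/0/1 unit 0 backup-options interface dl0
set interfaces dl0 unit 0 dialer-options watch-list 200.200.201.1/32
set interfaces dl0 unit 0 dialer-options activation-delay 90
set interfaces dl1 encapsulation cisco-hdlc unit 0 dialer-options pool 2
set interfaces dl1 unit 0 dialer-options deactivation-delay 30
set interfaces dl2 unit 0 dialer-options pool 3 initial-route-check 300
set interfaces dl2 unit 0 family inet filter dialer traffic-filter
""".strip().splitlines()

if __name__ == "__main__":
    for dl, finding in audit_dialer_config(SAMPLE):
        print(f"{dl}: {finding}")
```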


Example: Configuring the Dialer Interface 


IN THIS SECTION


Requirements
Overview
Configuration
Verification


This example shows how to configure the dialer interface for 3G wireless modem connections. 


The dialer interface for 3G wireless modems is no longer supported on SRX300, SRX320, SRX340, SRX345, 
SRX380, and SRX550HM devices. 


Requirements 


Before you begin, install your SRX Series device and establish basic connectivity for your device. See “3G 
Wireless Modem Configuration Overview” on page 489. 


Overview 


In this example, you configure the dialer interface as dl0, specify PPP encapsulation, set the dialer pool
to 1 and the dial string to 14691, and set the negotiate-address option for the interface IP address.


Configuration


IN THIS SECTION


Configuring a Dialer Interface
Configuring PAP on the Dialer Interface
Configuring CHAP on the Dialer Interface
Configuring the Dialer Interface as a Backup WAN Connection
Configuring Dialer Watch for the 3G Wireless Modem Interface
Configuring a Dialer Filter for the 3G Wireless Modem Interface


Configuring a Dialer Interface 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces dl0 description 3g-wireless encapsulation ppp unit 0 dialer-options pool 1 dial-string 14691
set interfaces dl0 unit 0 family inet negotiate-address 


Step-by-Step Procedure 


1. Set the interface and specify the PPP encapsulation, dialer pool, and dial string.


[edit]
user@host# set interfaces dl0 description 3g-wireless encapsulation ppp unit 0 dialer-options pool 1 dial-string 14691


2. Set the negotiate address option for the interface IP address.


[edit]
user@host# set interfaces dl0 unit 0 family inet negotiate-address


Results 


From configuration mode, confirm your configuration by entering the show interfaces dl0 command. If
the output does not display the intended configuration, repeat the configuration instructions in this example
to correct it.


[edit]
user@host# show interfaces dl0
description 3g-wireless;
encapsulation ppp;
unit 0 {
    family inet {
        negotiate-address;
    }
    dialer-options {
        pool 1;
        dial-string 14691;
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Configuring PAP on the Dialer Interface 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set access profile pap-1 client clientX pap-password 7a*6b%5c 
set interfaces dl0 unit 0 ppp-options pap access-profile pap-1


Step-by-Step Procedure 


1. Configure a PAP access profile. 


[edit] 
user@host# set access profile pap-1 client clientX pap-password 7a*6b%5c 


2. Associate the PAP access profile with a dialer interface. 


[edit] 
user@host# set interfaces dl0 unit 0 ppp-options pap access-profile pap-1


Results 


From configuration mode, confirm your configuration by entering the show interfaces dl0 and show access
profile pap-1 commands. If the output does not display the intended configuration, repeat the configuration
instructions in this example to correct it.


[edit]
user@host# show interfaces dl0
unit 0 {
    ppp-options {
        pap {
            access-profile pap-1;
        }
    }
}
[edit]
user@host# show access profile pap-1
client clientX pap-password "$9$jnqTz3nCBESu01hSrKvZUDkaf"; ## SECRET-DATA


If you are done configuring the device, enter commit from configuration mode. 


Configuring CHAP on the Dialer Interface 


CLI Quick Configuration 


With GSM HSDPA 3G wireless modem cards, you may need to configure CHAP for authentication with 
the service provider network. The service provider must supply the username and password, which you 
configure in an access profile. You then specify this access profile in a dialer interface. 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set access profile chap-1 client clientX chap-secret 7a*6b%5c 
set interfaces dl0 unit 0 ppp-options chap access-profile chap-1


Step-by-Step Procedure 
1. Configure a CHAP access profile. 


[edit] 
user@host# set access profile chap-1 client clientX chap-secret 7a*6b%5c 


2. Associate the CHAP access profile with a dialer interface. 


[edit] 
user@host# set interfaces dl0 unit 0 ppp-options chap access-profile chap-1


Results 

From configuration mode, confirm your configuration by entering the show access profile chap-1 and 
show interfaces dl0 commands. If the output does not display the intended configuration, repeat the 
configuration instructions in this example to correct it. 


[edit]
user@host# show access profile chap-1
client clientX chap-secret "$9$neYpCO1REyWx-Kv87-VsYQF39Cu"; ## SECRET-DATA
[edit]
user@host# show interfaces dl0
unit 0 {
    ppp-options {
        chap {
            access-profile chap-1;
        }
    }
}

If you are done configuring the device, enter commit from configuration mode. 


Configuring the Dialer Interface as a Backup WAN Connection 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces ge-0/0/1 unit 0 backup-options interface dl0


Step-by-Step Procedure 


1. Set the interface backup option.


[edit]
user@host# set interfaces ge-0/0/1 unit 0 backup-options interface dl0


Results 

From configuration mode, confirm your configuration by entering the show interfaces ge-0/0/1 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit]
user@host# show interfaces ge-0/0/1
unit 0 {
    backup-options {
        interface dl0.0;
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Configuring Dialer Watch for the 3G Wireless Modem Interface 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces dl0 description dialer-watch unit 0 dialer-options watch-list 200.200.201.1/32
set interfaces dl0 description dialer-watch unit 0 dialer-options pool dw-pool


Step-by-Step Procedure 


1. Create a dialer watch. 


[edit] 
user@host# set interfaces dl0 description dialer-watch unit 0 dialer-options watch-list 200.200.201.1/32


2. Set a dialer pool. 


[edit] 
user@host# set interfaces dl0 description dialer-watch unit 0 dialer-options pool dw-pool


Results 

From configuration mode, confirm your configuration by entering the show interfaces dl0 command. If
the output does not display the intended configuration, repeat the configuration instructions in this example
to correct it.


[edit]
user@host# show interfaces dl0
description dialer-watch;
unit 0 {
    dialer-options {
        watch-list {
            200.200.201.1/32;
        }
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Configuring a Dialer Filter for the 3G Wireless Modem Interface 


CLI Quick Configuration 

To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set firewall family inet dialer-filter traffic-filter term term1 then note 


Step-by-Step Procedure 


1. Associate the dialer filter with a dialer interface. 


[edit] 
user@host# set firewall family inet dialer-filter traffic-filter term term1 then note 


2. Check your other changes to the configuration before committing. 


[edit] 
user@host# commit check 


Results 


From configuration mode, confirm your configuration by entering the show firewall command. If the output 
does not display the intended configuration, repeat the configuration instructions in this example to correct 
it. 


[edit]
user@host# show firewall
family inet {
    dialer-filter traffic-filter {
        term term-1 {
            then note;
        }
    }
}


If you are done configuring the device, enter commit from configuration mode.


Verification 


Confirm that the configuration is working properly. 
Verifying the Configuration 
Purpose 


Verify the configuration output. 


Action 


Verify the configuration output by entering the show interfaces command. 


Understanding the 3G Wireless Modem Physical Interface 


You configure two types of interfaces for 3G wireless modem connectivity—the physical interface and a 
logical dialer interface. 


The physical interface for the 3G wireless modem uses the name cl-0/0/8. This interface is automatically 
created when a 3G wireless modem is installed in the device. 


The 3G wireless modem physical interface is no longer supported on SRX300, SRX320, SRX340, SRX345, 
SRX380, and SRX550HM devices. 


You configure the following properties for the physical interface: 


• A dialer pool to which the physical interface belongs and the priority of the interface in the pool. A
physical interface can belong to more than one dialer pool. The dialer pool priority has a range from 1
to 255, with 1 designating the lowest-priority interfaces and 255 designating the highest-priority
interfaces.


• Modem initialization string (optional). These strings begin with AT and execute Hayes modem commands
that specify modem operation.


• GSM profile for establishing a data call with a GSM cellular network.


By default, the modem allows access to networks other than the home network.


| Example: Configuring the 3G Wireless Modem Interface


IN THIS SECTION


Requirements
Overview
Configuration
Verification


This example shows how to configure the 3G wireless modem interface. 


The 3G wireless modem physical interface is no longer supported on SRX300, SRX320, SRX340, SRX345, 
SRX380, and SRX550HM devices. 


Requirements 


Before you begin, configure a dialer interface. See “Example: Configuring the Dialer Interface” on page 493. 


Overview 


In this example, you configure the physical interface as cl-0/0/8 for the 3G wireless modem to use dialer 
pool 1 and set the priority for the dialer pool to 25. You also configure a modem initialization string to 
autoanswer after two rings. 


Configuration 


Step-by-Step Procedure 


To configure the 3G wireless modem interface: 


1. Specify the dialer pool. 


[edit] 
user@host# set interfaces cl-0/0/8 dialer-options pool 1 priority 25 


2. Specify the modem options. 


[edit] 
user@host# set interfaces cl-0/0/8 modem-options init-command-string "ATS0=2\n"


3. If you are done configuring the device, commit the configuration. 


[edit] 
user@host# commit 


Verification 


To verify the configuration is working properly, enter the show interfaces cl-0/0/8 modem options 
command. 


Understanding the GSM Profile 


To allow data calls to a Global System for Mobile Communications (GSM) network, you must obtain the 
following information from your service provider: 


• Username and password


• Access point name (APN)


• Whether the authentication is Challenge Handshake Authentication Protocol (CHAP) or Password
Authentication Protocol (PAP)


You configure this information in a GSM profile associated with the 3G wireless modem physical interface.
You can configure up to 16 different GSM profiles, although only one profile can be active at a time.


NOTE: You also need to configure a CHAP or PAP profile with the specified username and 
password for the dialer interface. 


Subscriber information is written to the Subscriber Identity Module (SIM) on the GSM HSDPA 3G wireless 
modem card. If the SIM is locked, you must unlock it before activation by using the master subsidy lock 
(MSL) value given by the service provider when you purchase the cellular network service. 


Some service providers may preload subscriber profile information on a SIM card. The assigned subscriber
information is stored in profile 1, while profile 0 is a default profile created during manufacturing. If this
is the case, specify profile 1 for the GSM profile associated with the 3G wireless modem physical interface.


Configuring the information in a GSM profile associated with the 3G wireless modem physical interface
is no longer supported on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices.


| Example: Configuring the GSM Profile 


IN THIS SECTION


Requirements
Overview
Configuration
Verification


This example shows how to configure the GSM profile for the 3G wireless modem interface with service
provider networks such as AT&T and T-Mobile.


NOTE: Configuring the information in a GSM profile associated with the 3G wireless modem 
physical interface is no longer supported on SRX300, SRX320, SRX340, SRX345, SRX380, and 
SRX550HM devices. 


Requirements 


Before you begin:


• Configure a dialer interface. See “Example: Configuring the Dialer Interface” on page 493.


• Configure the 3G wireless modem interface. See “Example: Configuring the 3G Wireless Modem Interface”
on page 501.


Overview 


In this example, you configure the following information provided by a service provider in a GSM profile 
called juniper99 that is associated with the 3G wireless modem physical interface cl-0/0/8: 


• Username—juniper99


• Password—1@#6ahgfh


• Access point name (APN)—apn.service.com


• Authentication method—CHAP


Then you activate the profile by specifying the profile ID as profile-id 1. 


Configuration 


Step-by-Step Procedure 


To configure a GSM profile for the 3G wireless modem interface: 


1. Create a GSM profile.


[edit]
user@host> request modem wireless gsm create-profile profile-id 1 sip-user-id juniper99 sip-password 16ahgfh access-point-name apn.service.com authentication-method chap


2. Activate the profile.


[edit]
user@host# set interfaces cl-0/0/8 cellular-options gsm-options select-profile profile-id 1


3. If you are done configuring the device, commit the configuration. 


[edit] 
user@host# commit 


Verification 


To verify the configuration is working properly, enter the show interfaces cl-0/0/8 command. 


Unlocking the GSM 3G Wireless Modem 


The subscriber identity module (SIM) in the GSM 3G wireless modem card is a detachable smart card.
Swapping out the SIM allows you to change the service provider network; however, some service providers
lock the SIM to prevent unauthorized access to the service provider's network. If this is the case, you
need to unlock the SIM by using a personal identification number (PIN), a four-digit number provided by
the service provider.


NOTE: Unlocking the SIM in a 3G wireless modem card is not supported on SRX300, SRX320, 
SRX340, SRX345, SRX380, and SRX550HM devices. 


Before you begin, obtain the PIN from the service provider. 
Use the CLI operational mode command to unlock the SIM on the GSM 3G wireless modem card. 
This example uses the PIN 3210 from the service provider. 


To unlock the SIM on the GSM 3G wireless modem card: 


user@host> request modem wireless gsm sim-unlock cl-0/0/8 pin 3210 


A SIM is blocked after three consecutive failed unlock attempts; this is a security feature to prevent brute 
force attempts to unlock the SIM. When the SIM is blocked, you need to unblock the SIM with an eight-digit 
PIN unlocking key (PUK) obtained from the service provider. 


To unlock the SIM automatically on reboot: 


user@host# set interfaces cl-0/0/8 cellular-options gsm-options sim-unlock-code
Enter PIN:
user@host


NOTE: On SRX300, SRX320 devices, when you power on or reboot the device, the Subscriber 
Identity Module (SIM) will be locked. If the SIM Personal Identification Number (PIN) or the 
unlock code is configured in the set interfaces cl-0/0/8 cellular-options gsm-options 
sim-unlock-code configuration command, then Junos OS attempts to unlock the SIM only once. 
This is to keep the SIM from being blocked. If the SIM is blocked, you must provide a PIN 
Unblocking Key (PUK) obtained from the service provider. If the wrong SIM PIN is configured, 
the SIM will remain locked, and the administrator can unlock it by using the remaining two 
attempts. 


Use the CLI operational mode command to unblock the SIM. 


This example uses the PUK 76543210 from the service provider.


To unblock the SIM:


user@host> request modem wireless gsm sim-unblock cl-0/0/8 puk 76543210 


NOTE: If you enter the PUK incorrectly ten times, you will need to return the SIM to the service
provider for reactivation.


Configuring CDMA EV-DO Modem Cards 


IN THIS SECTION


Understanding Account Activation for CDMA EV-DO Modem Cards
Activating the CDMA EV-DO Modem Card Manually
Activating the CDMA EV-DO Modem Card with IOTA Provisioning
Activating the CDMA EV-DO Modem Card with OTASP Provisioning


The topics below discuss account activation for CDMA EV-DO modem cards and activation details
on security devices.


| Understanding Account Activation for CDMA EV-DO Modem Cards


IN THIS SECTION


Obtaining Electronic Serial Number (ESN)
Account Activation Modes


Account activation is the process of enabling the CDMA EV-DO wireless modem card to connect to your
service provider's cellular network. This is a one-time process where your subscriber information is saved 
in nonvolatile memory on the card. The procedure you use to perform account activation depends upon 
the service provider network. 


NOTE: Activating an account for a CDMA EV-DO 3G wireless modem card is no longer supported
on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices.


Before activating an account, you can verify the signal strength on the 3G wireless modem interface by
using the show modem wireless interface cl-0/0/8 rssi command. The signal strength should be at least
-90 dB and preferably better than -80 dB (-125 dB indicates nil signal strength). If the signal strength is
below -90 dB, activation may not be possible from that location. For example:


user@host> show modem wireless interface cl-0/0/8 rssi 
Current Radio Signal Strength (RSSI) = -98 dBm 


This topic contains the following sections: 


Obtaining Electronic Serial Number (ESN) 


The service provider requires the electronic serial number (ESN) of the 3G wireless modem card to activate 
your account and to generate the necessary information you need to activate the card. You can obtain 
the ESN number of the modem card in the following ways: 


• Inspect the modem card itself; the ESN is printed on the card.


• Use the CLI show modem wireless interface cl-0/0/8 firmware command, as shown in the following
example, and note the value for the Electronic Serial Number (ESN) field:


user@host> show modem wireless interface cl-0/0/8 firmware
Modem Firmware Version : p2005600
Modem Firmware built date : 12-09-07
Card type : Aircard 597E — CDMA EV-DO revA
Manufacturer : Sierra Wireless, Inc.
Hardware Version : 1.0
Electronic Serial Number (ESN) : 0x6032688F
Preferred Roaming List (PRL) Version : 20224
Supported Mode : 1xev-do rev-a, 1x
Current Modem Temperature : 32 degrees Celsius
Modem Activated : YES
Activation Date: 2-06-08
Modem PIN Security : Unlocked
Power-up lock : Disabled


Account Activation Modes 


For the CDMA EV-DO 3G wireless modem card, account activation can be done through one or more of 
the following modes: 


• Over the air service provisioning (OTASP)—protocol for programming phones over the air using Interim
Standard 95 (IS-95) Data Burst Messages.


To activate the 3G wireless modem card with OTASP, you need to obtain from the service provider the
dial number that the modem will use to contact the network. Typically, OTASP dial numbers begin with
the feature code *228 to indicate an activation call type to the cellular network's base transceiver station,
followed by additional digits specified by the service provider.


• Internet-based over the air (IOTA) provisioning—method for programming phones for voice and data
services


• Manually providing the required information by entering in a CLI operational mode command


Sprint uses manual and IOTA activation, whereas Verizon uses only OTASP.


NOTE: The 3G wireless modem is set into Single-Carrier Radio Transmission Technology (1xRTT)
mode automatically when it is activated for Verizon networks.


| Activating the CDMA EV-DO Modem Card Manually 


Manual activation stores the supplied values into the 3G wireless modem card's nonvolatile memory. This 
topic describes the activation of the CDMA EV-DO 3G wireless modem card for use with service provider 
networks such as Sprint. 


NOTE: Activating a CDMA EV-DO 3G wireless modem card manually is no longer supported 
on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices. 


Before you begin, the service provider must activate your account before you can activate the CDMA 
EV-DO 3G wireless modem card. 


Using the electronic serial number (ESN) you provided and your account information, the service provider 
supplies you with the following information for manual activation of the 3G wireless modem card: 


• Master subsidy lock (MSL)—activation code

• Mobile directory number (MDN)—10-digit user phone number

• International mobile station identity (IMSI)—Mobile subscriber information

• Simple IP user identification (SIP-ID)—Username

• Simple IP password (SIP-Password)—Password


You also need to obtain the following information from the 3G wireless modem card itself for the activation:


• System identification (SID)—Number between 0 and 32767

• Network identification (NID)—Number between 0 and 65535


Use the CLI show modem wireless interface cl-0/0/8 network command to display the SID and NID, as 
shown in the following example: 


user@host> show modem wireless interface cl-0/0/8 network
Running Operating mode : 1xEV-DO (Rev A) and 1xRTT
Call Setup Mode : Mobile IP only
System Identifier (SID) : 3421
Network Identifier (NID) : 91
Roaming Status(1xRTT) : Home
Idle Digital Mode : HDR
System Time : Wed Jun6 15:16:9 2008


Use the CLI operational mode command to manually activate the 3G wireless modem card. 
This example uses the following values for manual activation: 

• MSL (from service provider)—43210

• MDN (from service provider)—0123456789

• IMSI (from service provider)—0123456789

• SIP-ID (from service provider)—jnpr

• SIP-Password (from service provider)—jn9rl

• SID (from modem card)—12345

• NID (from modem card)—12345


To activate the CDMA EV-DO 3G wireless modem card manually: 


user@host> request modem wireless interface cl-0/0/8 activate manual msl 43210 mdn 0123456789 imsi 0123456789 sid 12345 nid 12345 sip-id jnpr sip-password jn9rl
Checking status...
Modem current activation status: Not Activated
Starting activation...
Performing account activation step 1/6 : [Unlock] Done
Performing account activation step 2/6 : [Set MDN] Done
Performing account activation step 3/6 : [Set SIP Info] Done
Performing account activation step 4/6 : [Set IMSI] Done
Performing account activation step 5/6 : [Set SID/NID] Done
Performing account activation step 6/6 : [Commit/Lock] Done
Configuration Commit Result: PASS
Resetting the modem ... Done
Account activation in progress. It can take up to 5 minutes
Please check the trace logs for details.

To check the trace log for account activation details: 


user@host> tail -f /var/log/wwand.log
Jun 25 04:42:32: IOTA cl-0/0/8 Event: IOTA Start... Success
Jun 25 04:43:45: IOTA cl-0/0/8 OTA SPL unlock... Success
Jun 25 04:43:56: IOTA cl-0/0/8 Committing OTA Parameters to NVRAM... Success
Jun 25 04:44:02: IOTA cl-0/0/8 Over the air provisioning... Complete
Jun 25 04:44:04: IOTA cl-0/0/8 IOTA Event: IOTA End... Success








| Activating the CDMA EV-DO Modem Card with IOTA Provisioning 


Manual activation stores the supplied values in the 3G wireless modem card's nonvolatile memory. If the 
modem card is reset or you need to update Mobile IP (MIP) parameters, use the CLI operational mode 
command to activate the modem card with IOTA. 


NOTE: Activating a CDMA EV-DO 3G wireless modem card with IOTA provisioning is no longer
supported on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices.


Before you begin, activate the CDMA EV-DO 3G wireless modem card. See “Understanding Account 
Activation for CDMA EV-DO Modem Cards” on page 506. 


To activate the CDMA EV-DO 3G wireless modem card with IOTA: 


user@host> request modem wireless interface cl-0/0/8 activate iota 


Beginning IOTA Activation. It can take up to 5 minutes 


Please check the trace logs for details. 





To check the trace log for account activation details: 


user@host> tail -f /var/log/wwand.log 





Jun 25 04:42:55: IOTA cl-0/0/8 Event: IOTA Start... Success
Jun 25 04:43:45: IOTA cl-0/0/8 OTA SPL unlock... Success
Jun 25 04:43:56: IOTA cl-0/0/8 Committing OTA Parameters to NVRAM... Success
Jun 25 04:44:02: IOTA cl-0/0/8 Over the air provisioning... Complete
Jun 25 04:44:04: IOTA cl-0/0/8 IOTA Event: IOTA End... Success


| Activating the CDMA EV-DO Modem Card with OTASP Provisioning 


This topic describes the activation of the CDMA EV-DO 3G wireless modem card for use with service 
provider networks such as Verizon. 


NOTE: Activating a CDMA EV-DO 3G wireless modem card with OTASP provisioning is no 
longer supported on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices. 


Before you begin: 


• Obtain the dial number that the modem will use to contact the network from the service provider.

• The service provider must activate your account before OTASP provisioning can proceed.

Use the CLI operational mode command to activate the 3G wireless modem card.
In this example, the dial number from the service provider is *22864.


To activate the CDMA EV-DO 3G wireless modem card with OTASP provisioning: 


user@host> request modem wireless interface cl-0/0/8 activate otasp dial-string *22864 


OTASP number *22286*, Selecting NAM 0 
Beginning OTASP Activation. It can take up to 5 minutes 


Please check the trace logs for details. 





To check the trace log for account activation details: 


user@host> tail -f /var/log/wwand.log 


Jun 25 04:42:55: OTASP cl-0/0/8 OTA SPL unlock... Success
Jun 25 04:43:42: OTASP cl-0/0/8 OTA PRL download... Success
Jun 25 04:43:55: OTASP cl-0/0/8 OTA Profile downloaded... Success
Jun 25 04:43:58: OTASP cl-0/0/8 OTA MDN download... Success
Jun 25 04:44:04: OTASP cl-0/0/8 Committing OTA Parameters to NVRAM... Success
Jun 25 04:44:45: Over the air provisioning... Complete


Configuring USB Modems for Dial Backup 


IN THIS SECTION 


USB Modem Interface Overview | 515 

USB Modem Configuration Overview | 518 

Example: Configuring a USB Modem Interface | 520 

Example: Configuring Dialer Interfaces and Backup Methods for USB Modem Dial Backup | 524 
Example: Configuring a Dialer Interface for USB Modem Dial-In | 532 

Example: Configuring PAP on Dialer Interfaces | 534 


Example: Configuring CHAP on Dialer Interfaces | 536 


The topics below discuss USB modem interfaces and their configuration, with examples of configuring
dialer interfaces and of configuring PAP and CHAP on dialer interfaces.


| USB Modem Interface Overview


Juniper Networks SRX Series devices support the use of USB modems for remote management. You can 
use Telnet or SSH to connect to the device from a remote location through two modems over a telephone 
network. The USB modem is connected to the USB port on the device, and a second modem is connected 
to a remote management device such as a PC or laptop computer. 


NOTE: USB modems are no longer supported for dial backup on SRX300, SRX320, SRX340, 
SRX345, SRX380, and SRX550HM devices. 


You can configure your device to fail over to a USB modem connection when the primary Internet 
connection experiences interruption. 


A USB modem connects to a device through modem interfaces that you configure. The device applies its 
own modem AT commands to initialize the attached modem. Modem setup requires that you connect and 
configure the USB modem at the device and the modem at the user end of the network. 


You use either the J-Web configuration editor or CLI configuration editor to configure the USB modem 
and its supporting dialer interfaces. 


NOTE: Low-latency traffic such as VoIP traffic is not supported over USB modem connections. 


NOTE: We recommend using a US Robotics USB 56k V.92 Modem, model number USR Model 
5637. 


USB Modem Interfaces 


You configure two types of interfaces for USB modem connectivity: 


• A physical interface which uses the naming convention umd0. The device creates this interface when a
USB modem is connected to the USB port.

• A logical interface called the dialer interface. You use the dialer interface, dln, to configure dialing
properties for USB modem connections. The dialer interface can be configured using Point-to-Point
Protocol (PPP) encapsulation. You can also configure the dialer interface to support authentication
protocols—PPP Challenge Handshake (CHAP) or Password Authentication Protocol (PAP). You can
configure multiple dialer interfaces for different functions on the device. After configuring the dialer
interface, you must configure a backup method such as a dialer backup, a dialer filter, or a dialer watch.


The USB modem provides a dial-in remote management interface, and supports dialer interface features
by sharing the same dial pool as a dialer interface. The dial pool allows the logical dialer interface and the 
physical interface to be bound together dynamically on a per-call basis. You can configure the USB modem 
to operate either as a dial-in console for management or as a dial-in WAN backup interface. Dialer pool 
priority has a range from 1 to 255, with 1 designating the lowest priority interfaces and 255 designating 
the highest priority interfaces. 


Dialer Interface Rules 


The following rules apply when you configure dialer interfaces for USB modem connections: 


• The dialer interface must be configured to use PPP encapsulation. You cannot configure Cisco High-Level
Data Link Control (HDLC) or Multilink PPP (MLPPP) encapsulation on dialer interfaces.

• The dialer interface cannot be configured as a constituent link in a multilink bundle.

• The dialer interface can perform backup, dialer filter, and dialer watch functions, but these operations
are mutually exclusive. You can configure a single dialer interface to operate in only one of the following
ways:

  • As a backup interface—for one primary interface
  • As a dialer filter
  • As a dialer watch interface


The backup dialer interfaces are activated only when the primary interface fails. USB modem backup
connectivity is supported on all interfaces except lsq-0/0/0.


The dial-on-demand routing backup method allows a USB modem connection to be activated only when 
network traffic configured as an “interesting packet” arrives on the network. Once the network traffic is 
sent, an inactivity timer is triggered and the connection is closed. You define an interesting packet using 
the dialer filter feature of the device. To configure dial-on-demand routing backup using a dialer filter, you 
first configure the dialer filter and then apply the filter to the dialer interface. 


Dialer watch is a backup method that integrates backup dialing with routing capabilities and provides 
reliable connectivity without relying on a dialer filter to trigger outgoing USB modem connections. With 
dialer watch, the device monitors the existence of a specified route. If the route disappears, the dialer 
interface initiates the USB modem connection as a backup connection. 


How the Device Initializes USB Modems 


When you connect the USB modem to the USB port on the device, the device applies the modem AT
commands configured in the init-command-string command to the initialization commands on the modem.


If you do not configure modem AT commands for the init-command-string command, the device applies
the following default sequence of initialization commands to the modem: AT S7=45 S0=0 V1 X4 &C1 E0
Q0 &Q8 %C0. Table 39 on page 517 describes the commands. For more information about these commands,
see the documentation for your modem.


Table 39: Default Modem Initialization Commands 


Modem Command    Description
AT               Attention. Informs the modem that a command follows.
S7=45            Instructs the modem to wait 45 seconds for a telecommunications service provider (carrier) signal before terminating the call.
S0=0             Disables the auto answer feature, whereby the modem automatically answers calls.
V1               Displays result codes as words.
&C1              Disables reset of the modem when it loses the carrier signal.
E0               Disables the display on the local terminal of commands issued to the modem from the local terminal.
Q0               Enables the display of result codes.
&Q8              Enables Microcom Networking Protocol (MNP) error control mode.
%C0              Disables data compression.


When the device applies the modem AT commands in the init-command-string command or the default 
sequence of initialization commands to the modem, it compares them to the initialization commands already 
configured on the modem and makes the following changes: 


• If the commands are the same, the device overrides existing modem values that do not match. For
example, if the initialization commands on the modem include S0=0 and the device’s init-command-string
command includes S0=2, the device applies S0=2.

• If the initialization commands on the modem do not include a command in the device’s
init-command-string command, the device adds it. For example, if the init-command-string command
includes the command L2, but the modem commands do not include it, the device adds L2 to the
initialization commands configured on the modem.
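
The override-and-add behavior described above can be modeled offline to preview what an init-command-string will change on a modem, including whether it turns auto answer on. This is an added example, not Junos code: the tokenizer, the function names, and the rendering order are assumptions, and the sample device string combines the S0=2 and L2 cases from the text.

```python
import re

# Default sequence quoted in the text above.
DEFAULT_INIT = "AT S7=45 S0=0 V1 X4 &C1 E0 Q0 &Q8 %C0"

# One AT command: optional & or % prefix, a letter, optional digits, and
# for S-registers an "=value" part (S7=45 sets register 7 to 45).
_TOKEN = re.compile(r"([&%]?[A-Za-z])(\d*)(?:=(\d+))?")


def parse_init_string(init):
    """Split an init string into an ordered {command: value} mapping."""
    # The configured string ends in a literal "\n"; drop it and the AT prefix.
    text = init.replace("\\n", " ").strip()
    if text[:2].upper() == "AT":
        text = text[2:]
    commands = {}
    for match in _TOKEN.finditer(text):
        name = match.group(1).upper()
        digits, assigned = match.group(2), match.group(3)
        if assigned is not None:
            commands[name + digits] = assigned   # S-register: "S0" -> "2"
        else:
            commands[name] = digits              # plain command: "V" -> "1"
    return commands


def merge_init_strings(modem_init, device_init):
    """Apply the device's commands on top of the modem's current ones.

    Returns the merged mapping and a list of (action, command, value)
    tuples, where action is "overridden" or "added".
    """
    merged = parse_init_string(modem_init)
    changes = []
    for key, value in parse_init_string(device_init).items():
        if key not in merged:
            changes.append(("added", key, value))
        elif merged[key] != value:
            changes.append(("overridden", key, value))
        merged[key] = value
    return merged, changes


def auto_answer_enabled(commands):
    """S0=0 disables auto answer; any other S0 value answers incoming calls."""
    return commands.get("S0", "0") != "0"


def render(commands):
    """Turn a mapping back into a single AT string."""
    parts = []
    for key, value in commands.items():
        is_register = key[0] == "S" and key[1:].isdigit()
        parts.append(f"{key}={value}" if is_register else f"{key}{value}")
    return "AT " + " ".join(parts)


if __name__ == "__main__":
    # Constructed device string: S0=2 and L2 are the two cases in the text.
    merged, changes = merge_init_strings(DEFAULT_INIT, "ATS0=2 L2 \\n")
    for change in changes:
        print(change)
    print(render(merged))
    print("auto answer enabled:", auto_answer_enabled(merged))
```

Checking the auto-answer result before commit shows whether a given init string makes the modem pick up incoming calls.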
NOTE: On SRX210 devices, the USB modem interface can handle bidirectional traffic of up to
19 Kbps. On oversubscription of this amount (that is, bidirectional traffic of 20 Kbps or above), 
keepalives do not get exchanged, and the interface goes down. (Platform support depends on 
the Junos OS release in your installation.) 


| USB Modem Configuration Overview 


NOTE: USB modems are no longer supported for dial backup on SRX300, SRX320, SRX340, 
and SRX345 devices. 


Before you begin: 


1. Install device hardware. For more information, see the Getting Started Guide for your device. 
2. Establish basic connectivity. For more information, see the Getting Started Guide for your device. 
3. Order a US Robotics USB 56k V.92 Modem, model number USR Model 5637 (http://www.usr.com/). 


4. Order a public switched telephone network (PSTN) line from your telecommunications service provider. 
Contact your service provider for more information. 


5. Connect the USB modem to the device's USB port. 


NOTE: When you connect the USB modem to the USB port on the device, the USB modem 
is initialized with the modem initialization string configured for the USB modem interface on 
the device. 


a. Plug the modem into the USB port. 


b. Connect the modem to your telephone network. 


Suppose you have a branch office router and a head office router each with a USB modem interface and
a dialer interface. This example shows you how to establish a backup connection between the branch
office and head office routers. See Table 40 on page 519 for a summarized description of the procedure.


Table 40: Configuring Branch Office and Head Office Routers for USB Modem Backup Connectivity 


Router Location: Branch Office

  Configuration Requirement: Configure the logical dialer interface on the branch office router for
  USB modem dial backup.
  Procedure: To configure the logical dialer interface, see “Example: Configuring a USB Modem
  Interface” on page 520.

  Configuration Requirement: Configure the dialer interface dl0 on the branch office router using one
  of the following backup methods:
  • Configure the dialer interface dl0 as the backup interface on the branch office router's primary
    T1 interface t1-1/0/0.
  • Configure a dialer filter on the branch office router's dialer interface.
  • Configure a dialer watch on the branch office router's dialer interface.
  Procedure: Configure the dialer interface using one of the following backup methods:
  • To configure dl0 as a backup for t1-1/0/0, see “Example: Configuring Dialer Interfaces and Backup
    Methods for USB Modem Dial Backup” on page 524.
  • To configure a dialer filter on dl0, see “Example: Configuring Dialer Interfaces and Backup
    Methods for USB Modem Dial Backup” on page 524.
  • To configure a dialer watch on dl0, see “Example: Configuring Dialer Interfaces and Backup
    Methods for USB Modem Dial Backup” on page 524.

Router Location: Head Office

  Configuration Requirement: Configure dial-in on the dialer interface dl0 on the head office router.
  Procedure: To configure dial-in on the head office router, see “Example: Configuring a Dialer
  Interface for USB Modem Dial-In” on page 532.


If the dialer interface is configured to accept only calls from a specific caller ID, the device matches the 
incoming call's caller ID against the caller IDs configured on its dialer interfaces. If an exact match is not 
found and the incoming call's caller ID has more digits than the configured caller IDs, the device performs 
a right-to-left match of the incoming call's caller ID with the configured caller IDs and accepts the incoming 
call if a match is found. For example, if the incoming call's caller ID is 4085321091 and the caller ID 
configured on a dialer interface is 5321091, the incoming call is accepted. Each dialer interface accepts
calls from only callers whose caller IDs are configured on it. 


See Table 41 on page 520 for a list of available incoming map options.


Table 41: Incoming Map Options


Option        Description
accept-all    Dialer interface accepts all incoming calls. You can configure the accept-all option for only one of the dialer interfaces associated with a USB modem physical interface. The dialer interface with the accept-all option configured is used only if the incoming call's caller ID does not match the caller IDs configured on other dialer interfaces.
caller        Dialer interface accepts calls from a specific caller ID. You can configure a maximum of 15 caller IDs per dialer interface. The same caller ID must not be configured on different dialer interfaces. However, you can configure caller IDs with more or fewer digits on different dialer interfaces. For example, you can configure the caller IDs 14085551515, 4085551515, and 5551515 on different dialer interfaces.


You configure dialer interfaces to support PAP. PAP allows a simple method for a peer to establish its 
identity using a two-way handshake during initial link establishment. After the link is established, an ID 
and password pair are repeatedly sent by the peer to the authenticator until authentication is acknowledged 
or the connection is terminated. 


| Example: Configuring a USB Modem Interface 


IN THIS SECTION 


Requirements | 521 
Overview | 521 
Configuration | 521 


Verification | 522 


This example shows how to configure a USB modem interface for dial backup. 
NOTE: USB modems are no longer supported for dial backup on SRX300, SRX320, SRX340,
and SRX345 devices. 


Requirements 


No special configuration beyond device initialization is required before configuring this feature. 


Overview 


In this example, you create an interface called umd0 for USB modem connectivity and set the dialer
pool priority to 25. You also configure a modem initialization string to autoanswer after a specified number
of rings. The default modem initialization string is AT S7=45 S0=0 V1 X4 &C1 E0 Q0 &Q8 %C0. The
modem command S0=0 disables the modem from autoanswering the calls. Finally, you set the modem to
act as a dial-in WAN backup interface.


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces umd0 dialer-options pool usb-modem-dialer-pool priority 25
set interfaces umd0 modem-options init-command-string "ATS0=2 \n" dialin routable


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide. 


To configure a USB modem interface for dial backup: 


1. Create an interface. 


[edit]
user@host# edit interfaces umd0


2. Set the dialer options and priority.


[edit interfaces umd0]
user@host# set dialer-options pool usb-modem-dialer-pool priority 25


3. Specify the modem options.


[edit interfaces umd0]
user@host# set modem-options init-command-string "ATS0=2 \n"


4. Set the modem to act as a dial-in WAN backup interface.


[edit interfaces umd0]
user@host# set modem-options dialin routable


Results 
From configuration mode, confirm your configuration by entering the show interfaces umd0 command. If
the output does not display the intended configuration, repeat the configuration instructions in this example
to correct it.


[edit]
user@host# show interfaces umd0
modem-options {
    init-command-string "ATS0=2 \n";
    dialin routable;
}
dialer-options {
    pool usb-modem-dialer-pool priority 25;
}

If you are done configuring the device, enter commit from configuration mode. 


Verification 
Confirm that the configuration is working properly. 
Verifying the Configuration 


Purpose 


Verify a USB modem interface for dial backup. 


Action 
From configuration mode, enter the show interfaces umd0 extensive command. The output shows a
summary of interface information and displays the modem status.




















Physical interface: umd0, Enabled, Physical link is Up
  Interface index: 64, SNMP ifIndex: 33, Generation: 1
  Type: Async-Serial, Link-level type: PPP-Subordinate, MTU: 1504,
  Clocking: Unspecified, Speed: MODEM
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
  Link flags     : None
  Hold-times     : Up 0 ms, Down 0 ms
  Last flapped   : Never
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  : [illegible]
   Output bytes  : 225010
   Input  packets: [illegible]
   Output packets: 1832
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0,
    Resource errors: 0
  Output errors:
    Carrier transitions: [illegible], Errors: 0, Drops: 0, MTU errors: 0, Resource errors: 0
  MODEM status:
    Modem type                    : LT V.92 1.0 MT5634ZBA-USB-V92 Data/Fax Modem
                                    (Dual Config) Version 2.27m
    Initialization command string : ATS0=2
    Initialization status         : Ok
    Call status                   : Connected to [illegible]
    Call duration                 : 13429 seconds
    Call direction                : Dialin
    Baud rate                     : 33600 bps
    Most recent error code        : NO CARRIER

  Logical interface umd0.0 (Index 2) (SNMP ifIndex 34) (Generation 1)
    Flags: Point-To-Point SNMP-Traps Encapsulation: PPP-Subordinate


| Example: Configuring Dialer Interfaces and Backup Methods for USB Modem Dial Backup


IN THIS SECTION 


Requirements | 524 
Overview | 524 
Configuration | 525 


Verification | 532 


This example shows how to configure dialer interfaces and backup methods for USB modem dial backup.


NOTE: USB modems are no longer supported for dial backup on SRX300, SRX320, SRX340, 
SRX345, SRX380, and SRX550HM devices. 


Requirements 


Before you begin, configure a USB modem for the device. See “Example: Configuring a USB Modem 
Interface” on page 520. 


Overview 


In this example, you configure a logical dialer interface on the branch office router for the USB modem 
dial backup. You then configure dial backup to allow one or more dialer interfaces to be configured as the 
backup link for the primary serial interface. To configure dialer watch, you first add a dialer watch interface 
and then configure the USB modem interface to participate as a dialer watch interface. The USB modem 
interface must have the same pool identifier to participate in dialer watch. Dialer pool name dw-pool is 
used when configuring the USB modem interface. 
Configuration


IN THIS SECTION 


Configuring a Dialer Interface for USB Modem Dial Backup | 525 
Configuring a Dial Backup for a USB Modem Connection | 527 
Configuring a Dialer Filter for USB Modem Dial Backup | 528 


Configuring a Dialer Watch for USB Modem Dial Backup | 530 


Configuring a Dialer Interface for USB Modem Dial Backup 


CLI Quick Configuration 

To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces dl0 description USB-modem-backup encapsulation ppp
set interfaces dl0 unit 0 dialer-options activation-delay 60 deactivation-delay 30 idle-timeout 30 initial-route-check 30 pool usb-modem-dialer-pool
set interfaces dl0 unit 0 dialer-options dial-string 5551212
set interfaces dl0 unit 0 family inet address 172.20.10.2 destination 172.20.10.1


Step-by-Step Procedure 
The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure a logical dialer interface on the branch office router for the USB modem dial backup: 


1. Create an interface. 


[edit]
user@host# edit interfaces dl0


2. Specify a description.


[edit interfaces dl0]
user@host# set description USB-modem-backup


3. Configure PPP encapsulation.


[edit interfaces dl0]
user@host# set encapsulation ppp


NOTE: You cannot configure Cisco High-Level Data Link Control (HDLC) or Multilink PPP
(MLPPP) encapsulation on dialer interfaces used in USB modem connections.


4. Create the logical unit.


[edit interfaces dl0]
user@host# set unit 0


NOTE: You can set the logical unit to 0 only.


5. Configure the dialer options.


[edit interfaces dl0]
user@host# edit unit 0 dialer-options
user@host# set activation-delay 60
user@host# set deactivation-delay 30
user@host# set idle-timeout 30 initial-route-check 30 pool usb-modem-dialer-pool


6. Configure the telephone number of the remote destination.


[edit interfaces dl0 unit 0 dialer-options]
user@host# set dial-string 5551212


7. Configure source and destination IP addresses.


[edit]
user@host# edit interfaces dl0 unit 0
user@host# set family inet address 172.20.10.2 destination 172.20.10.1


Results 
From configuration mode, confirm your configuration by entering the show interfaces dl0 command. If
the output does not display the intended configuration, repeat the configuration instructions in this example
to correct it.


[edit]
user@host# show interfaces dl0
description USB-modem-backup;
encapsulation ppp;
unit 0 {
    family inet {
        address 172.20.10.2/32 {
            destination 172.20.10.1;
        }
    }
    dialer-options {
        pool usb-modem-dialer-pool;
        dial-string 5551212;
        idle-timeout 30;
        activation-delay 60;
        deactivation-delay 30;
        initial-route-check 30;
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Configuring a Dial Backup for a USB Modem Connection 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces t1-1/0/0 unit 0 backup-options interface dl0.0 


Step-by-Step Procedure 


To configure a dial backup for a USB modem connection: 


1. Select the physical interface. 


[edit] 
user@host# edit interfaces t1-1/0/0 unit 0 

2. Configure the backup dialer interface.


[edit] 
user@host# set backup-options interface dl0.0 


Results 

From configuration mode, confirm your configuration by entering the show interfaces t1-1/0/0 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit]
user@host# show interfaces t1-1/0/0
encapsulation ppp;
unit 0 {
    backup-options {
        interface dl0.0;
    }
}

If you are done configuring the device, enter commit from configuration mode. 


Configuring a Dialer Filter for USB Modem Dial Backup 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set firewall family inet dialer-filter interesting-traffic term term1 from source-address 20.20.90.4/32 

set firewall family inet dialer-filter interesting-traffic term term1 from destination-address 200.200.201.1/32 
set firewall family inet dialer-filter interesting-traffic term term1 then note 

set interfaces dl0 unit 0 family inet filter dialer interesting-traffic


Step-by-Step Procedure 


To configure a dialer filter for USB modem dial backup: 


1. Create an interface. 


[edit] 
user@host# edit firewall 


2. Configure the dialer filter name. 


[edit] 
user@host# edit family inet 
user@host# edit dialer-filter interesting-traffic 


3. Configure the dialer filter rule name and term behavior.


[edit]
user@host# edit term term1
user@host# set from source-address 20.20.90.4/32
user@host# set from destination-address 200.200.201.1/32


4. Configure the then part of the dialer filter.


[edit]
user@host# set then note


5. Select the dialer interface to apply the filter.


[edit]
user@host# edit interfaces dl0 unit 0


6. Apply the dialer filter to the dialer interface.


[edit]
user@host# edit family inet filter
user@host# set dialer interesting-traffic


Results 


From configuration mode, confirm your configuration by entering the show firewall family inet dialer-filter
interesting-traffic and show interfaces dl0 commands. If the output does not display the intended
configuration, repeat the configuration instructions in this example to correct it.


[edit]
user@host# show firewall family inet dialer-filter interesting-traffic
term term1 {
    from {
        source-address {
            20.20.90.4/32;
        }
        destination-address {
            200.200.201.1/32;
        }
    }
    then note;
}
[edit]
user@host# show interfaces dl0
unit 0 {
    family inet {
        filter {
            dialer interesting-traffic;
        }
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Configuring a Dialer Watch for USB Modem Dial Backup 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces dl0 description dialer-watch unit 0 dialer-options watch-list 200.200.201.1/32
set interfaces dl0 unit 0 dialer-options pool dw-pool
set interfaces umd0 dialer-options pool dw-pool


Step-by-Step Procedure 


To configure a dialer watch for USB modem dial backup: 


1. Create an interface. 


[edit] 
user@host# edit interfaces 


2. Specify a description. 


[edit]
user@host# edit dl0
user@host# set description dialer-watch


3. Configure the route to the head office router for dialer watch.


[edit]
user@host# edit unit 0 dialer-options
user@host# set watch-list 200.200.201.1/32


4. Configure the name of the dialer pool.


[edit]
user@host# set pool dw-pool


5. Select the USB modem physical interface.


[edit]
user@host# edit interfaces umd0 dialer-options pool dw-pool


Results 


From configuration mode, confirm your configuration by entering the show interfaces dl0 and show
interfaces umd0 commands. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.


[edit]
user@host# show interfaces dl0
description dialer-watch;
unit 0 {
    dialer-options {
        pool dw-pool;
        watch-list {
            200.200.201.1/32;
        }
    }
}
[edit]
user@host# show interfaces umd0
dialer-options {
    pool dw-pool;
}


If you are done configuring the device, enter commit from configuration mode.


Verification 


Confirm that the configuration is working properly. 
Verifying the Configuration 


Purpose 


Verify the configuration output. 


Action 
From operational mode, enter the show interfaces terse command.


| Example: Configuring a Dialer Interface for USB Modem Dial-In 


IN THIS SECTION 


Requirements | 532 
Overview | 533 
Configuration | 533 


Verification | 534 


This example shows how to configure a dialer interface for USB modem dial-in. 


NOTE: USB modems are no longer supported for dial-in to a dialer interface on SRX300, SRX320, 
SRX340, and SRX345 devices. 


Requirements 


No special configuration beyond device initialization is required before configuring this feature. 
Overview


To enable connections to the USB modem from a remote location, you must configure the dialer interfaces 
set up for USB modem use to accept incoming calls. You can configure a dialer interface to accept all 
incoming calls or accept only calls from one or more caller IDs. 


If the dialer interface is configured to accept only calls from a specific caller ID, the system matches the 
incoming call's caller ID against the caller IDs configured on its dialer interfaces. If an exact match is not 
found and the incoming call's caller ID has more digits than the configured caller IDs, the system performs 
a right-to-left match of the incoming call's caller ID with the configured caller IDs and accepts the incoming 
call if a match is found. For example, if the incoming call's caller ID is 4085550115 and the caller ID 
configured on a dialer interface is 5550115, the incoming call is accepted. Each dialer interface accepts 
calls from only callers whose caller IDs are configured on it. 


You can configure the following incoming map options for the dialer interface: 


accept-all—Dialer interface accepts all incoming calls. 


You can configure the accept-all option for only one of the dialer interfaces associated with a USB 
modem physical interface. The device uses the dialer interface with the accept-all option configured 
only if the incoming call's caller ID does not match the caller IDs configured on other dialer interfaces. 


caller—Dialer interface accepts calls from a specific caller ID—for example, 4085550115. You can
configure a maximum of 15 caller IDs per dialer interface.


The same caller ID must not be configured on different dialer interfaces. However, you can configure 
caller IDs with more or fewer digits on different dialer interfaces. For example, you can configure the 
caller IDs 14085550115, 4085550115, and 5550115 on different dialer interfaces. 


In this example, you configure the incoming map option as caller 4085550115 for dialer interface dl0.
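The matching order described above, written out as an added example (not Junos code and not part of the original guide). The IncomingMap model and the function names are hypothetical, the sample numbers are constructed from the caller IDs the page quotes, and choosing the longest configured ID when several match right-to-left is an assumption the page does not state.

```python
from dataclasses import dataclass

MAX_CALLER_IDS = 15  # limit per dialer interface stated on this page


@dataclass(frozen=True)
class IncomingMap:
    """Hypothetical model of one dialer interface's incoming-map options."""
    callers: tuple = ()
    accept_all: bool = False


def validate(dialers):
    """Return violations of the configuration rules stated in the overview."""
    problems = []
    owner = {}
    catch_all = sorted(n for n, m in dialers.items() if m.accept_all)
    if len(catch_all) > 1:
        problems.append("accept-all on more than one interface: " + ", ".join(catch_all))
    for name in sorted(dialers):
        callers = dialers[name].callers
        if len(callers) > MAX_CALLER_IDS:
            problems.append(f"{name}: {len(callers)} caller IDs (maximum {MAX_CALLER_IDS})")
        for caller in callers:
            if caller in owner and owner[caller] != name:
                problems.append(f"caller {caller} on both {owner[caller]} and {name}")
            owner.setdefault(caller, name)
    return problems


def select_dialer(dialers, incoming):
    """Pick the dialer interface for an incoming caller ID.

    Returns (interface, reason); interface is None when the call is refused.
    """
    # 1. An exact match always wins.
    for name, m in dialers.items():
        if incoming in m.callers:
            return name, "exact"
    # 2. Right-to-left match, only when the incoming ID has more digits.
    #    Assumption: if several configured IDs match, the longest one is used.
    best = None
    for name, m in dialers.items():
        for caller in m.callers:
            if len(incoming) > len(caller) and incoming.endswith(caller):
                if best is None or len(caller) > len(best[1]):
                    best = (name, caller)
    if best:
        return best[0], "right-to-left match on " + best[1]
    # 3. The accept-all interface is used only when nothing else matched.
    for name, m in dialers.items():
        if m.accept_all:
            return name, "accept-all"
    return None, "refused"


def numbers_admitted(caller, digits=10):
    """How many distinct `digits`-long numbers a configured caller ID admits."""
    if len(caller) > digits:
        return 0
    return 10 ** (digits - len(caller))


# Constructed sample configuration using the caller IDs quoted on this page.
SAMPLE = {
    "dl0": IncomingMap(callers=("14085550115",)),
    "dl1": IncomingMap(callers=("4085550115",)),
    "dl2": IncomingMap(callers=("5550115",)),
    "dl3": IncomingMap(accept_all=True),
}

if __name__ == "__main__":
    for number in ("4085550115", "6505550115", "2125550199"):
        print(number, "->", select_dialer(SAMPLE, number))
    print("5550115 admits", numbers_admitted("5550115"), "ten-digit numbers")
```

numbers_admitted shows why a shorter configured caller ID widens the set of accepted callers: 5550115 admits 1000 ten-digit numbers, while 4085550115 admits one.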


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces dl0 unit 0 dialer-options incoming-map caller 4085550115


Step-by-Step Procedure 


To configure a dialer interface for USB modem dial-in: 


1. Select a dialer interface.


[edit]
user@host# edit interfaces dl0


2. Configure the incoming map options.


[edit interfaces dl0]
user@host# edit unit 0 dialer-options incoming-map caller 4085550115


3. If you are done configuring the device, commit the configuration. 


[edit] 
user@host# commit 


Verification 


To verify the configuration is working properly, enter the show interface dl0 command.


| Example: Configuring PAP on Dialer Interfaces 


IN THIS SECTION


Requirements
Overview
Configuration
Verification


This example shows how to configure PAP on dialer interfaces. 


NOTE: Configuring PAP on dialer interfaces is no longer supported on SRX300, SRX320, SRX340, 
SRX345, SRX380, and SRX550HM devices. 


Requirements


No special configuration beyond device initialization is required before configuring this feature. 


Overview 


In this example, you specify a PAP access profile with a client username and a PAP password and select 
a dialer interface. Finally, you configure PAP on the dialer interface and specify the local name and password. 


Configuration 


Step-by-Step Procedure 


To configure PAP on the dialer interface: 


1. Specify a PAP access profile. 


[edit] 
user@host# set access profile pap-access-profile client pap-access-user pap-password my-pap 


2. Select a dialer interface. 


[edit]
user@host# edit interfaces dl0 unit 0


3. Configure PAP on the dialer interface.


[edit interfaces dl0 unit 0]
user@host# set ppp-options pap local-name pap-access-user local-password my-pap


4. If you are done configuring the device, commit the configuration. 


[edit]
user@host# commit


Verification 


To verify the configuration is working properly, enter the show interface dl0 command.


| Example: Configuring CHAP on Dialer Interfaces


IN THIS SECTION


Requirements
Overview
Configuration
Verification


This example shows how to configure CHAP on dialer interfaces for authentication. 


Requirements 


No special configuration beyond device initialization is required before configuring this feature. 


Overview 


In this example, you configure dialer interfaces to support CHAP for authentication. CHAP is a server-driven,
three-step authentication method that depends on a shared secret password residing on both the server
and the client. You specify a CHAP access profile with a client username and a password. You then specify
a dialer interface as dl0. Finally, you enable CHAP on a dialer interface and specify a unique profile name
containing a client list and access parameters.
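The three CHAP steps described above, shown next to the PAP request from the previous example, as an added illustration that is not Junos code and not part of the original guide. It assumes standard CHAP with MD5 (RFC 1994) and the PAP packet layout of RFC 1334; the Authenticator class, the peer_respond helper and the authenticator name "host" are hypothetical, and the user names and secrets are the sample values from this page's configuration steps.

```python
import hashlib
import hmac
import os
import struct

# Sample credentials taken from the configuration steps on this page.
PAP_USER, PAP_PASSWORD = b"pap-access-user", b"my-pap"
CHAP_USER, CHAP_SECRET = b"usb-modem-user", b"my-secret"


def pap_authenticate_request(identifier, peer_id, password):
    """PAP Authenticate-Request (RFC 1334): the password travels as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(body)) + body


def chap_packet(code, identifier, value, name):
    """CHAP Challenge (code 1) or Response (code 2) packet (RFC 1994)."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_chap(packet):
    """Split a Challenge/Response into (code, identifier, value, name)."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    return code, identifier, packet[5:5 + size], packet[5 + size:length]


def chap_response_value(identifier, secret, challenge):
    """MD5 over identifier || secret || challenge, as RFC 1994 defines it."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues the challenge and checks the response (hypothetical)."""

    def __init__(self, profile, name=b"host"):
        self.profile = profile      # client name -> shared secret
        self.name = name
        self.identifier = 0
        self.pending = None         # challenge awaiting a response

    def challenge(self):
        # Step 1: a fresh random challenge and a new identifier per attempt.
        self.identifier = (self.identifier + 1) % 256
        self.pending = os.urandom(16)
        return chap_packet(1, self.identifier, self.pending, self.name)

    def verify(self, response):
        # Step 3: recompute the hash from the local copy of the secret.
        code, identifier, value, name = parse_chap(response)
        secret = self.profile.get(name)
        challenge, self.pending = self.pending, None   # single use
        if code != 2 or identifier != self.identifier:
            return False
        if secret is None or challenge is None:
            return False
        expected = chap_response_value(identifier, secret, challenge)
        return hmac.compare_digest(value, expected)


def peer_respond(challenge_packet, name, secret):
    """Client side, step 2: answer the challenge without sending the secret."""
    _, identifier, challenge, _ = parse_chap(challenge_packet)
    value = chap_response_value(identifier, secret, challenge)
    return chap_packet(2, identifier, value, name)


def demo():
    """Run one PAP request and one CHAP exchange; return what was observed."""
    server = Authenticator({CHAP_USER: CHAP_SECRET})
    challenge = server.challenge()
    response = peer_respond(challenge, CHAP_USER, CHAP_SECRET)
    accepted = server.verify(response)
    replay_accepted = server.verify(response)      # same bytes, no new challenge
    pap = pap_authenticate_request(1, PAP_USER, PAP_PASSWORD)
    return {
        "pap_password_on_wire": PAP_PASSWORD in pap,
        "chap_secret_on_wire": CHAP_SECRET in challenge + response,
        "chap_accepted": accepted,
        "chap_replay_accepted": replay_accepted,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```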


Configuration 


Step-by-Step Procedure 


To configure CHAP on a dialer interface: 


1. Specify a CHAP access profile. 


[edit] 
user@host# set access profile usb-modem-access-profile client usb-modem-user chap-secret my-secret 


2. Select a dialer interface. 


[edit]
user@host# edit interfaces dl0 unit 0


3. Enable CHAP on the dialer interface.


[edit interfaces dl0 unit 0]
user@host# set ppp-options chap access-profile usb-modem-access-profile


4. If you are done configuring the device, commit the configuration. 


[edit] 
user@host# commit 


Verification 


To verify the configuration is working properly, enter the show interface dl0 command. 


Configuring DOCSIS Mini-PIM Interfaces


IN THIS SECTION


DOCSIS Mini-PIM Interface Overview
Software Features Supported on DOCSIS Mini-PIMs
Example: Configuring the DOCSIS Mini-PIM Interfaces


Data over Cable Service Interface Specifications (DOCSIS) define the communications and operation 
support interface requirements for a data-over-cable system. The topics below discuss the overview of 
DOCSIS Mini-PIM interface, its configuration details, and software features supported on DOCSIS Mini-PIM 
interfaces on SRX series devices. 


| DOCSIS Mini-PIM Interface Overview 


Data over Cable Service Interface Specifications (DOCSIS) define the communications and operation 
support interface requirements for a data-over-cable system. Cable operators use DOCSIS to provide 
Internet access over their existing cable infrastructure for both residential and business customers. DOCSIS 
3.0 is the latest interface standard, allowing channel bonding to deliver speeds higher than 100 Mbps
throughput in either direction, far surpassing other WAN technologies such as T1/E1, ADSL2+, ISDN, and 
DS3. 


NOTE: On SRX210 Services Gateway, the DOCSIS Mini-PIM delivers speeds up to a maximum 
of 100 Mbps throughput in each direction. 


NOTE: DOCSIS Mini-PIM interfaces are no longer supported on SRX300, SRX320, SRX340, 
SRX345, SRX380, and SRX550HM devices. 


DOCSIS network architecture includes a cable modem on SRX Series Services Gateways with a DOCSIS 
Mini-Physical Interface Module (Mini-PIM) located at customer premises and a cable modem termination 
system (CMTS) located at the head-end or data center locations. Standards-based DOCSIS 3.0 Mini-PIM 
is interoperable with CMTS equipment. The DOCSIS Mini-PIM provides backward compatibility with CMTS 
equipment based on the following standards: 


• DOCSIS 2.0
• DOCSIS 1.1
• DOCSIS 1.0


The cable modem interface of the Mini-PIM is managed and monitored by CMTS through SNMP. This DOCSIS
3.0 Mini-PIM can be deployed in any multiple service operator (MSO) network. The primary application
is for distributed enterprise offices to connect to a CMTS network through the DOCSIS 3.0 (backward
compatible to 2.0, 1.1, and 1.0) interface. The DOCSIS Mini-PIM uses PIM infrastructure developed for
third-party PIMs.


The Mini-PIM can also be used with encapsulations other than GRE, PPPoE, and IP-in-IP. 


NOTE: The following interface trace options are supported:


• all—Enable all interface trace flags
• event—Trace interface events
• ipc—Trace interface IPC messages
• media—Trace interface media changes


CMTS manages and monitors the cable modem interface of the Mini-PIM through SNMP. This DOCSIS
3.0 Mini-PIM can be deployed in any MSO network. Figure 29 on page 539 shows a typical use
for this Mini-PIM in an MSO network.


Figure 29: Typical DOCSIS End-to-End Connectivity Diagram 


| Software Features Supported on DOCSIS Mini-PIMs


NOTE: DOCSIS Mini-PIM interfaces are no longer supported on SRX300, SRX320, SRX340, 
SRX345, and SRX550HM devices. 


Table 42 on page 540 lists the software features supported on DOCSIS Mini-PIMs. 


Table 42: Software Features Supported on DOCSIS Mini-PIMs


Software Feature: DHCP and DHCPv6 clients
Description: The DHCP and DHCPv6 clients are used to get the IP address from the CMTS using
the DHCP protocol. DHCP is supported on IPv4 and IPv6. One of the main components
of the configuration file is the static public IP address, which CMTS assigns to the cable
modem. The management IP address is configured on the Mini-PIM’s hybrid fiber
coaxial (HFC) interface, which performs the following tasks:

• Allows CMTS to execute remote monitoring and management of the Mini-PIM’s
cable interface.
• Downloads the configuration file from CMTS and uses it for configuring the cable
interface.


Software Feature: QoS support
Description: The SRX Series device’s Routing Engine is configured through the existing QoS CLI.
Because the configuration on the SRX Series device’s Routing Engine and Mini-PIM is
done together, the QoS configuration has to be consistent between the Routing Engine
and the cable modem interface. The QoS mechanisms on the Routing Engine are
decoupled from the QoS mechanisms on the Mini-PIM.

The configuration file downloaded from CMTS contains parameters for primary and
secondary flows. These parameters are programmed in the DOCSIS Mini-PIM. The
Mini-PIM sends these parameters to the Routing Engine through the PIM infrastructure.
The secondary flows are prioritized over primary flows in the DOCSIS Mini-PIM.


Software Feature: SNMP support
Description: CMTS issues the SNMP requests that go to the cable modem. The DOCSIS MIB on
the SRX Series device’s Routing Engine displays the Ethernet interface of the cable
modem. The following features are supported on the DOCSIS Mini-PIM:

• NAT support
• Dying gasp support
• Back pressure information


Software Feature: MAC address
Description: The MAC address of the DOCSIS Mini-PIM is statically set at the factory and cannot
be changed. The MAC address is retrieved from the Mini-PIM and assigned to the cable
modem interface in Junos OS.


Software Feature: Transparent bridging
Description: The DOCSIS Mini-PIM performs transparent bridging by sending the packets received
on the Ethernet interface with the SRX Series device to the HFC interface and vice
versa, without any modifications to the packet. All the other services such as webserver,
DHCP server, and DNS server are disabled on the DOCSIS Mini-PIM during transparent
bridging.


| Example: Configuring the DOCSIS Mini-PIM Interfaces


IN THIS SECTION


Requirements
Overview
Configuration
Verification


This example shows how to configure DOCSIS Mini-PIM network interfaces for SRX210, SRX220, and 
SRX240 devices. 


NOTE: DOCSIS Mini-PIM interfaces are no longer supported on SRX300, SRX320, SRX340, 
SRX345, SRX380, and SRX550HM devices. 


Requirements 


Before you begin: 


• Establish basic connectivity. See the Quick Start for your device.


• Configure network interfaces as necessary. See “Example: Creating an Ethernet Interface” on page 208.


Overview 


In this example, you configure the DOCSIS Mini-PIM interface as cm-2/0/0. You specify the physical 
properties by setting the interface trace options and the flag option. You then set the logical interface to 
unit 0 and specify the family protocol type as inet. Finally, you configure the DHCP client.


Configuration 


CLI Quick Configuration 

To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces cm-2/0/0 traceoptions flag all 
set interfaces cm-2/0/0 unit 0 family inet dhcp 


Step-by-Step Procedure 
To configure the DOCSIS Mini-PIM network interfaces: 


1. Configure the interface. 


[edit] 
user@host# edit interfaces cm-2/0/0 


2. Set the interface trace options. 


[edit] 
user@host# set interfaces cm-2/0/0 traceoptions 


3. Specify the flag option. 


[edit] 
user@host# set interfaces cm-2/0/0 traceoptions flag all 


4. Set the logical interface. 


[edit] 
user@host# set interfaces cm-2/0/0 unit 0 


5. Specify the family protocol type. 


[edit] 
user@host# set interfaces cm-2/0/0 unit 0 family inet


6. Configure the DHCP client. 


[edit] 
user@host# set interfaces cm-2/0/0 unit 0 family inet dhcp 


Results 


From configuration mode, confirm your configuration by entering the show interfaces cm-2/0/0 command. 
If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit]
user@host# show interfaces cm-2/0/0
traceoptions {
    flag all;
}
unit 0 {
    family inet {
        dhcp;
    }
}


If you are done configuring the device, enter commit from configuration mode. 


Verification 


IN THIS SECTION


Verifying the DOCSIS Interface Properties


Confirm that the configuration is working properly. 


Verifying the DOCSIS Interface Properties 


Purpose 


Verify that the DOCSIS interface properties are configured properly. 


Action 


From operational mode, enter the show interfaces cm-2/0/0 command. 


user@host> show interfaces cm-2/0/0 extensive
Physical interface: cm-2/0/0, Enabled, Physical link is Up
  Interface index: 154, SNMP ifIndex: 522, Generation: 157
  Link-level type: Ethernet, MTU: 1518, Speed: 40mbps
  Link flags     : None
  Hold-times     : Up 0 ms, Down 0 ms
  State          : OPERATIONAL, Mode: 2.0, Upstream speed:
  Downstream scanning: CM_MEDIA_STATE_DONE, Ranging: CM_MEDIA_STATE_DONE
  Sigmel CO mOLse wercidos Bl, 7/62909 21 SH00Is 7oS17472 14. 924058
  Downstream buffers used 2720
  Downstream buffers free 3
  Upstream buffers free g
  Upstream buffers used      : 0
  Request opportunity burst  : 0 MSlots
  Physical burst             : 0 MSlots
  Tuner frequency g bas O @ OW Miki
  Standard short grant       : 0 Slots
  Standard long grant        : 0 Slots
  Baseline privacy state: authorized, Encryption algorithm: ????, Key length: 0
  MAC statistics:              Receive    Transmit
    Total octets                   135        2036
    Total packets                    8           8
    CRC/Align errors                 0           0
    Oversized frames                 0
  CoS queues     : 8 supported, 8 maximum usable queues
  Current address: 00:24:dc:0d:76:19, Hardware address: 00:24:dc:0d:76:19
  Last flapped   : 2009-11-10 IMssss40 wie (OOgiS6s29 ago)
  Statistics last cleared: Never
  Traffic statistics:
    Input bytes   : TAL)
    Output bytes  : 866
    Input packets : 2
    Output packets: 4
  Packet Forwarding Engine configuration:
    Destination slot: 1
  Direction : Output
  CoS transmit queue     Bandwidth            Buffer      Priority   Limit
                         %     bps            %    usec
  0 best-effort          95    38000000       95   0      low        none
  3 network-control      5     2000000        5    0      low        none

  Logical interface cm-2/0/0.0 (Index 69) (SNMP ifIndex 523) (Generation 134)
    Flags: Point-To-Point SNMP-Traps Encapsulation: ENET2
    Traffic statistics:
      Input bytes   : 710
      Output bytes  : 806
      Input packets : @
      Output packets: 4
    Local statistics:
      Input bytes   : 710
      Output bytes  : 806
      Input packets : z
      Output packets: 4
    Transit statistics:
      Input bytes   : 0    0 bps
      Output bytes  : 0    0 bps
      Input packets : 0    0 pps
      Output packets: 0    0 pps
    Security: Zone: Null
    Flow Statistics
    Flow Input statistics
      Self packets
      ICMP packets
      VPN packets
      Multicast packets
      Bytes permitted by policy
      Connections established
    Flow Output statistics:
      Multicast packets
      Bytes permitted by policy
    Flow error statistics (Packets dropped due to):
      Address spoofing:
      Authentication failed:
      Incoming NAT errors:
      Invalid zone received packet:
      Multiple user authentications:
      Multiple incoming NAT:
      No parent for a gate:
      No one interested in self packets:
      No minor session:
      No more sessions:
      No NAT gate:
      No route present:
      No SA for incoming SPI:
      No tunnel found:
      No session for a gate:
      No zone or NULL zone binding
      Policy denied:
      Security association not active:
      TCP sequence number out of window:
      Syn-attack protection:
      User authentication errors: 0
    Protocol inet, MTU: 1504, Generation: 147, Route table: 0
      Flags: None
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 20.20.20/24, Local: 20.20.20.5, Broadcast: 20.20.20.255,
        Generation: 144


The output shows a summary of DOCSIS interface properties. Verify the following information: 


• The physical interface is Enabled. If the interface is shown as Disabled, do either of the following:


  • In the CLI configuration editor, delete the disable statement at the [edit interfaces interface-name]
    level of the configuration hierarchy.


  • In the J-Web configuration editor, clear the Disable check box on the Interfaces>interface-name page.


• The physical link is Up. A link state of Down indicates a problem with the interface module, interface
port, or physical connection (link-layer errors).


• The Last Flapped time is an expected value. The Last Flapped time indicates the last time the physical
interface became unavailable and then available again. Unexpected flapping indicates likely link-layer
errors.


• The traffic statistics reflect the expected input and output rates. Verify that the number of inbound and
outbound bytes and packets matches the expected throughput for the physical interface. To clear the
statistics and see only new changes, use the clear interfaces statistics interface-name command.


Release History Table 


Release Description 


15.1X49-D10 DOCSIS Mini-PIM interfaces are no longer supported on SRX300, SRX320, SRX340, 
SRX345, and SRX550HM devices. 


Configuring Serial Interfaces 


IN THIS SECTION


Serial Interfaces Overview
Example: Configuring a Serial Interface
Example: Deleting a Serial Interface
Understanding the 8-Port Synchronous Serial GPIM
Example: Configuring an 8-Port Synchronous Serial GPIM in Back-to-Back SRX650 Services Gateways


Serial links are simple, bidirectional links that require very few control signals. The topics below give an
overview of serial interfaces, show how to configure and delete them, and cover the overview and
configuration of the 8-Port Synchronous Serial GPIM on security devices.


Serial Interfaces Overview 


IN THIS SECTION


Serial Transmissions
Signal Polarity
Serial Clocking Modes
Serial Line Protocols


Serial links are simple, bidirectional links that require very few control signals. In a basic serial setup, data 
communications equipment (DCE) installed in a user's premises is responsible for establishing, maintaining, 
and terminating a connection. A modem is a typical DCE device. 


A serial cable connects the DCE to a telephony network where, ultimately, a link is established with data 
terminal equipment (DTE). DTE is typically where a serial link terminates. 


The distinction between DCE and DTE is important because it affects the cable pinouts on a serial cable.
A DCE cable uses a female 9-pin or 25-pin connector, and a DTE cable uses a male 9-pin or 25-pin
connector.


To form a serial link, the cables are connected to each other. However, if the pins are identical, each side's 
transmit and receive lines are connected, which makes data transport impossible. To address this problem, 
each cable is connected to a null modem cable, which crosses the transmit and receive lines in the cable. 


This section includes the following topics: 


Serial Transmissions


In basic serial communications, nine signals are critical to the transmission. Each signal is associated with 
a pin in either the 9-pin or 25-pin connector. Table 43 on page 548 lists and defines serial signals and their 
sources. 


Table 43: Serial Transmission Signals 


Signal Name      Definition             Signal Source
TD               Transmitted data       DTE
RD               Received data          DCE
RTS              Request to send        DTE
CTS              Clear to send          DCE
DSR              Data set ready         DCE
Signal Ground    Grounding signal       -
CD               Carrier detect         -
DTR              Data terminal ready    DTE
RI               Ring indicator         -


When a serial connection is made, a serial line protocol—such as EIA-530, X.21, RS-422/449, RS-232, or 
V.35—begins controlling the transmission of signals across the line as follows: 


1. The DCE transmits a DSR signal to the DTE, which responds with a DTR signal. After this handshake, 
the link is established and traffic can pass. 


2. When the DTE device is ready to receive data, it sets its RTS signal to a marked state (all 1s) to indicate
to the DCE that it can transmit data. (If the DTE is not able to receive data—because of buffer conditions,
for example—it sets the RTS signal to all 0s.)


3. When the DCE device is ready to receive data, it sets its CTS signal to a marked state to indicate to
the DTE that it can transmit data. (If the DCE is not able to receive data, it sets the CTS signal to all 0s.)


4. When the negotiation to send information has taken place, data is transmitted across the transmitted 
data (TD) and received data (RD) lines: 


• TD line—Line through which data from a DTE device is transmitted to a DCE device
• RD line—Line through which data from a DCE device is transmitted to a DTE device


The name of the wire does not indicate the direction of data flow. 


The DTR and DSR signals were originally designed to operate as a handshake mechanism. When a serial 
port is opened, the DTE device sets its DTR signal to a marked state. Similarly, the DCE sets its DSR signal 
to a marked state. However, because of the negotiation that takes place with the RTS and CTS signals, 
the DTR and DSR signals are not commonly used. 


The carrier detect and ring indicator signals are used to detect connections with remote modems. These 
signals are not commonly used. 


Signal Polarity 


Serial interfaces use a balanced (also called differential) protocol signaling technique. Two serial signals 
are associated with a circuit: the A signal and the B signal. The A signal is denoted with a plus sign (for 
example, DTR+), and the B signal is denoted with a minus sign (for example, DTR-). If DTR is low, then 
DTR+ is negative with respect to DTR-. If DTR is high, then DTR+ is positive with respect to DTR-. 


By default, all signal polarities are positive, but sometimes they might be reversed. For example, signals 
might be miswired as a result of reversed polarities. 


Serial Clocking Modes 


By default, a serial interface uses loop clocking to determine its timing source. For EIA-530 and V.35 
interfaces, you can set each port independently to use one of the following clocking modes. X.21 interfaces 
can use only loop clocking mode. 


• Loop clocking mode—Uses the DCE's receive (RX) clock to clock data from the DCE to the DTE.


• DCE clocking mode—Uses the transmit (TXC) clock, generated by the DCE specifically to be used by the
DTE as the DTE's transmit clock.


• Internal clocking mode—Uses an internally generated clock. The speed of this clock is configured locally.
Internal clocking mode is also known as line timing.


Both loop clocking mode and DCE clocking mode use external clocks generated by the DCE. 


Figure 30 on page 550 shows the clock sources for loop, DCE, and internal clocking modes. 


Figure 30: Serial Interface Clocking Modes


Serial Interface Transmit Clock Inversion


When an externally timed clocking mode (DCE or loop) is used, long cables might introduce a phase shift 
of the DTE-transmitted clock and data. At high speeds, this phase shift might cause errors. Inverting the 
transmit clock corrects the phase shift, thereby reducing error rates. 


DTE Clock Rate Reduction 


Although the serial interface is intended for use at the default clock rate of 16.384 MHz, you might need 
to use a slower rate under any of the following conditions: 


• The interconnecting cable is too long for effective operation.


• The interconnecting cable is exposed to an extraneous noise source that might cause an unwanted
voltage in excess of +1 volt.


The voltage must be measured differentially between the signal conductor and the point in the circuit
from which all voltages are measured (“circuit common”) at the load end of the cable, with a 50-ohm
resistor substituted for the generator.


• Interference with other signals must be minimized.


• Signals must be inverted.


Serial Line Protocols 


IN THIS SECTION


EIA-530
RS-232
RS-422/449
V.35
X.21


Serial interfaces support the following line protocols: 


EIA-530 


EIA-530 is an Electronic Industries Association (EIA) standard for the interconnection of DTE and DCE 
using serial binary data interchange with control information exchanged on separate control circuits. 
EIA-530 is also known as RS-530.


The EIA-530 line protocol is a specification for a serial interface that uses a DB-25 connector and balanced 
equivalents of the RS-232 signals—also called V.24. The EIA-530 line protocol is equivalent to the RS-422 
and RS-423 interfaces implemented on a 25-pin connector. 


The EIA-530 line protocol supports both balanced and unbalanced modes. In unbalanced transmissions, 
voltages are transmitted over a single wire. Because only a single signal is transmitted, differences in ground 
potential can cause fluctuations in the measured voltage across the link. For example, if a 3-V signal is sent 
from one endpoint to another, and the receiving endpoint has a ground potential 1 V higher than the 
transmitter, the signal on the receiving end is measured as a 2-V signal. 


Balanced transmissions use two wires instead of one. Rather than sending a single signal across the wire 
and having the receiving end measure the voltage, the transmitting device sends two separate signals 
across two separate wires. The receiving device measures the difference in voltage of the two signals 
(balanced sampling) and uses that calculation to evaluate the signal. Any differences in ground potential 
affect both wires equally, and the difference in the signals is still the same. 


The EIA-530 interface supports asynchronous and synchronous transmissions at rates ranging from 20 Kbps 
to 2 Mbps. 


RS-232 


RS-232 is a Recommended Standard (RS) describing the most widely used type of serial communication. 
The RS-232 protocol is used for asynchronous data transfer as well as synchronous transfers using HDLC, 
Frame Relay, and X.25. RS-232 is also known as EIA-232. 


The RS-232 line protocol is very popular for low-speed data signals. RS-232 signals are carried as single 
voltages referred to a common ground signal. The voltage output level of these signals varies between 
-12 V and +12 V. Within this range, voltages between -3 V and +3 V are considered inoperative and are 
used to absorb line noise. Control signals are considered operative when the voltage ranges from +3 V to 
+25 V. 


The RS-232 line protocol is an unbalanced protocol, because it uses only one wire and is susceptible to 
signal degradation. Degradation can be extremely disruptive, particularly when a difference in ground 
potential exists between the transmitting and receiving ends of a link. 


The RS-232 interface is implemented in a 25-pin D-shell connector and supports line rates up to 200 Kbps 
over lines shorter than 98 feet (30 meters). 


NOTE: RS-232 serial interfaces cannot function error-free with a clock rate greater than 200 KHz.


RS-422/449 


RS-422 is a Recommended Standard (RS) describing the electrical characteristics of balanced voltage digital 
interface circuits that support higher bandwidths than traditional serial protocols like RS-232. RS-422 is 
also known as EIA-422. 


The RS-449 standard (also known as EIA-449) is compatible with RS-422 signal levels. The EIA created 
RS-449 to detail the DB-37 connector pinout and define a set of modem control signals for regulating 
flow control and line status. 


The RS-422/449 line protocol runs in balanced mode, allowing serial communications to extend over
distances of up to 4,000 feet (1.2 km) and at very fast speeds of up to 10 Mbps.


In an RS-422/449-based system, a single master device can communicate with up to 10 slave devices in
the system. To accommodate this configuration, RS-422/449 supports the following kinds of transmission:


Half-duplex transmission—In half-duplex transmission mode, transmissions occur in only one direction 
at a time. Each transmission requires a proper handshake before it is sent. This operation is typical of a 
balanced system in which two devices are connected by a single connection. 


Full-duplex transmission—In full duplex transmission mode, multiple transmissions can occur 
simultaneously so that devices can transmit and receive at the same time. This operation is essential 
when a single master in a point-to-multipoint system must communicate with multiple receivers. 


Multipoint transmission—RS-422/449 allows only a single master in a multipoint system. The master 
can communicate to all points in a multipoint system, and the other points must communicate with each 
other through the master. 


V.35 


V.35 is an ITU-T standard describing a synchronous, Physical Layer protocol used for communications 
between a network access device and a packet network. V.35 is most commonly used in the United States 
and Europe. 


The V.35 line protocol is a mixture of balanced (RS-422) and common ground (RS-232) signal interfaces.
The V.35 control signals DTR, DSR, DCD, RTS, and CTS are single-wire common ground signals that are
essentially identical to their RS-232 equivalents. Unbalanced signaling for these control signals is sufficient,
because the control signals are mostly constant, varying at very low frequency, which makes single-wire
transmission suitable. Higher frequency data and clock signals are sent over balanced wires.


V.35 interfaces operate at line rates of 20 Kbps and above. 


X.21


X.21 is an ITU-T standard for serial communications over synchronous digital lines. The X.21 protocol is 
used primarily in Europe and Japan. 


The X.21 line protocol is a state-driven protocol that sets up a circuit-switched network using call setup. 
X.21 interfaces use a 15-pin connector with the following eight signals: 


Signal ground (G)—Reference signal used to evaluate the logic states of the other signals. This signal can
be connected to the protective earth (ground).


DTE common return (Ga)—Reference ground signal for the DCE interface. This signal is used only in
unbalanced mode.


Transmit (T)—Binary signal that carries the data from the DTE to the DCE. This signal can be used for
data transfer or in call-control phases such as Call Connect or Call Disconnect.


Receive (R)—Binary signal that carries the data from the DCE to the DTE. This signal can be used for
data transfer or in call-control phases such as Call Connect or Call Disconnect.


Control (C)—DTE-controlled signal that controls the transmission on an X.21 link. This signal must be on
during data transfer, and can be on or off during call-control phases.


Indication (I)—DCE-controlled signal that controls the transmission on an X.21 link. This signal must be
on during data transfer, and can be on or off during call-control phases.


Signal Element Timing (S)—Clocking signal that is generated by the DCE. This signal specifies when
sampling on the line must occur.


Byte Timing (B)—Binary signal that is on when data or call-control information is being sampled. When
an 8-byte transmission is over, this signal switches to off.


Transmissions across an X.21 link require both the DCE and DTE devices to be in a ready state, indicated 
by an all 1s transmission on the T and R signals. 


| Example: Configuring a Serial Interface 


This example shows how to complete the initial configuration on a serial interface. 


Requirements 


Before you begin, install a serial PIM in the SRX Series device. See SRX Series Services Gateways for the 
Branch Physical Interface Modules Hardware Guide. 


Overview 


In this example, you create the interface se-1/0/0. You create the basic configuration for the new interface 
by setting the encapsulation type to ppp. Then you set the logical interface to 0. The logical unit number 
can range from 0 through 16,384. You can enter additional values for properties you need to configure 
on the logical interface, such as logical encapsulation or protocol family. Finally, you set IPv4 address 
10.10.10.10/24 on the serial interface. 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following command, paste it into a text file, remove any line 
breaks, change any details necessary to match your network configuration, copy and paste the command 
into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode. 


set interfaces se-1/0/0 encapsulation ppp unit 0 family inet address 10.10.10.10/24 


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure a serial interface: 


1. Create the interface. 


[edit] 
user@host# edit interfaces se-1/0/0 


2. Create the basic configuration for the new interface. 


[edit interfaces se-1/0/0] 
user@host# set encapsulation ppp 


3. Add logical interfaces. 


[edit interfaces se-1/0/0] 
user@host# edit unit 0 


4. Specify an IPv4 address for the interface. 


[edit interfaces se-1/0/0 unit 0] 
user@host# set family inet address 10.10.10.10/24 


Results 


From configuration mode, confirm your configuration by entering the show interfaces se-1/0/0 command. 


If the output does not display the intended configuration, repeat the configuration instructions in this 
example to correct it. 


[edit] 
user@host# show interfaces se-1/0/0 
encapsulation ppp; 
unit 0 { 
    family inet { 
        address 10.10.10.10/24; 
    } 
} 


If you are done configuring the device, enter commit from configuration mode. 


Verification 



Confirm that the configuration is working properly. 
Verifying the Link State of All Interfaces 


Purpose 


Use the ping tool on each peer address in the network to verify that all interfaces on the device are 
operational. 


Action 


For each interface on the device: 


1. In the J-Web interface, select Troubleshoot>Ping Host. 


2. In the Remote Host box, type the address of the interface for which you want to verify the link state. 


3. Click Start. The output appears on a separate page. 


PING 10.10.10.10 : 56 data bytes 
64 bytes from 10.10.10.10: icmp_seq=0 ttl=255 time=0.382 ms 
64 bytes from 10.10.10.10: icmp_seq=1 ttl=255 time=0.266 ms 


If the interface is operational, it generates an ICMP response. If this response is received, the round-trip 
time, in milliseconds, is listed in the time field. 


Verifying Interface Properties 


Purpose 


Verify that the interface properties are correct. 


Action 


From operational mode, enter the show interfaces detail command. 
The output shows a summary of interface information. Verify the following information: 


• The physical interface is Enabled. If the interface is shown as Disabled, do one of the following: 

    • In the CLI configuration editor, delete the disable statement at the [edit interfaces se-1/0/0] level of 
    the configuration hierarchy. 

    • In the J-Web configuration editor, clear the Disable check box on the Interfaces> se-1/0/0 page. 

• The physical link is Up. A link state of Down indicates a problem with the interface module, interface 
port, or physical connection (link-layer errors). 

• The Last Flapped time is an expected value. It indicates the last time the physical interface became 
unavailable and then available again. Unexpected flapping indicates likely link-layer errors. 

• The traffic statistics reflect expected input and output rates. Verify that the number of inbound and 
outbound bytes and packets matches expected throughput for the physical interface. To clear the 
statistics and see only new changes, use the clear interfaces statistics se-1/0/0 command. 


| Example: Deleting a Serial Interface 


This example shows how to delete a serial interface. 


NOTE: Serial interfaces are no longer supported on SRX300, SRX320, SRX340, SRX345, SRX380, 
and SRX550HM devices. 


Requirements 


No special configuration beyond device initialization is required before configuring an interface. 


Overview 


In this example, you delete the se-1/0/0 interface. 


NOTE: Performing this action removes the interface from the software configuration and disables 
it. Network interfaces remain physically present, and their identifiers continue to appear on 
J-Web pages. 


Configuration 


Step-by-Step Procedure 


To delete a serial interface: 


1. Specify the interface you want to delete. 


[edit] 
user@host# delete interfaces se-1/0/0 


2. If you are done configuring the device, commit the configuration. 


[edit] 
user@host# commit 


Verification 


To verify the configuration is working properly, enter the show interfaces command. 


Understanding the 8-Port Synchronous Serial GPIM 


A Gigabit-Backplane Physical Interface Module (GPIM) is a network interface card (NIC) that installs in the 
front slots of the SRX550 Services Gateway to provide physical connections to a LAN or a WAN. 


NOTE: Serial interfaces, including the 8-port synchronous serial GPIM, are no longer supported 
on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices. 


The 8-port synchronous serial GPIM provides the physical connection to serial network media types, 
receiving incoming packets from the network and transmitting outgoing packets to the network. Besides 
forwarding packets for processing, the GPIM performs framing and line-speed signaling. This GPIM provides 
8 ports that operate in sync mode and supports a line rate of 64 Mbps or 8 Mbps per port. 


Supported Features 


Table 44 on page 558 lists the features supported on the 8-port synchronous serial GPIM. 
Table 44: Supported Features 

Features | Description 

Operation modes (autoselection based on cable, no configuration required) | 
    • DTE (data terminal equipment) 
    • DCE (data communication equipment) 

Clocking | 
    • Tx clock modes 
        • DCE clock (only valid in DTE mode) 
        • Baud clock (internally generated) 
        • Loop clock (external) 
    • Rx clock modes 
        • Baud clock (internally generated) 
        • Loop clock (external) 

Clock rates (baud rates) | 1.2 KHz to 8.0 MHz 
    NOTE: RS-232 serial interfaces might cause an error with a clock rate 
    greater than 200 KHz. 

MTU | 9192 bytes, default value is 1504 bytes 

HDLC features | 
    • Idle flag/fill (0x7e or all ones), default idle flag is (0x7e) 
    • Counters—giants, runts, FCS error, abort error, align error 

Line encoding | NRZ and NRZI 

Invert data | Enabled 

Line protocol | EIA530/EIA530A, X.21, RS-449, RS-232, V.35 

Data cables | Separate cable for each line protocol (both DTE/DCE mode) 

Error counters (conformance to ANSI specification) | Enabled 

Alarms and defects | 
    • Rx clock absent 
    • Tx clock absent 
    • DCD absent 
    • RTS/CTS absent 
    • DSR/DTR absent 

Data signal | Rx clock 

Control signals | 
    • To DTE: CTS, DCD, DSR 
    • From DTE: DTR, RTS 

Serial autoresync | 
    • Configurable resync duration 
    • Configurable resync interval 

Diagnostic features | 
    • Loopback modes—local, remote, and dce-local loopback 
    • Ability to ignore control signals 

Layer 2 features | Encapsulation 
    • PPP 
    • Cisco HDLC 
    • Frame Relay 
    • MLPPP 
    • MLFR 

SNMP features | SNMP information receivable at each port 
    • IF-MIB - rfc2863a.mib 
    • jnx-chassis.mib 

Anticounterfeit check | Enabled 


Example: Configuring an 8-Port Synchronous Serial GPIM in Back-to-Back 
SRX650 Services Gateways 



This example shows how to perform a basic back-to-back device configuration with an 8-port synchronous 
serial GPIM. It describes the most common scenario in which a serial GPIM is deployed. 


In this example, the SRX650 devices are shown as both data communication equipment (DCE) and data 
terminal equipment (DTE). In certain deployment scenarios, the DTE can be a serial modem or an encryptor 
or decryptor. 


NOTE: Serial interfaces, including the 8-port synchronous serial GPIM, are no longer supported 
on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices. 


Requirements 


This example uses the following hardware and software components: 


• Junos OS Release 12.1 R2 or later for SRX Series Services Gateways. 
• Two SRX650 devices connected back-to-back. 
• Two 8-port synchronous serial GPIMs. 
• Four pairs of DCE and DTE cables. The cable can be any type as mentioned in 8-Port Serial GPIM Interface 
Cables. 


Before you begin: 


• Establish basic connectivity. See the Getting Started Guide for your device. 
• Configure network interfaces as necessary. See “Example: Creating an Ethernet Interface” on page 208. 


Overview and Topology 


In this scenario, the configuration is done on two interfaces. All ports are configured with different 
encapsulations, such as Cisco High-Level Data Link Control (HDLC), Frame Relay, and Point-to-Point 
Protocol (PPP). When Frame Relay is set, then the data link connection identifier (in this example, 111) 
must also be set. 


In this example, all eight ports on Device 1 (SRX650) are configured in DTE mode and their respective 
eight ports on Device 2 (SRX650) are configured in DCE mode. 


For Device 1, you set the encapsulation type to ppp. Then you set the logical interface to 0. The logical 
unit number can range from 0 through 16,384. You can enter additional values for properties you need 
to configure on the logical interface, such as logical encapsulation or protocol family. Finally, you set the 
IPv4 address to 10.10.10.1/24 on the serial port. For Device 2, you follow a procedure similar to Device 
1, but you set the clocking mode to dce. 


Figure 31 on page 562 shows the topology used in this example. 


Figure 31: Basic Back-to-Back Device Configuration 


Configuration 


CLI Quick Configuration 


To quickly configure this example, copy the following commands, paste them into a text file, remove any 
line breaks, change any details necessary to match your network configuration, and then copy and paste 
the commands into the CLI at the [edit] hierarchy level. 


Device 1 


set interfaces se-7/0/0 mtu 9192 
set interfaces se-7/0/0 encapsulation ppp 
set interfaces se-7/0/0 serial-options clocking-mode internal 
set interfaces se-7/0/0 unit 0 family inet address 10.10.10.1/24 
set interfaces se-7/0/1 mtu 9192 
set interfaces se-7/0/1 encapsulation cisco-hdlc 
set interfaces se-7/0/1 serial-options clocking-mode internal 
set interfaces se-7/0/1 unit 0 family inet address 11.11.11.1/24 
set interfaces se-7/0/2 dce 
set interfaces se-7/0/2 mtu 9192 
set interfaces se-7/0/2 encapsulation frame-relay 
set interfaces se-7/0/2 serial-options clocking-mode internal 
set interfaces se-7/0/2 unit 0 dlci 111 
set interfaces se-7/0/2 unit 0 family inet address 12.12.12.1/24 
set interfaces se-7/0/3 mtu 9192 
set interfaces se-7/0/3 encapsulation ppp 
set interfaces se-7/0/3 serial-options clocking-mode internal 
set interfaces se-7/0/3 unit 0 family inet address 13.13.13.1/24 
set interfaces se-7/0/4 mtu 9192 
set interfaces se-7/0/4 encapsulation cisco-hdlc 
set interfaces se-7/0/4 serial-options clocking-mode internal 
set interfaces se-7/0/4 unit 0 family inet address 14.14.14.1/24 
set interfaces se-7/0/5 dce 
set interfaces se-7/0/5 mtu 9192 
set interfaces se-7/0/5 encapsulation frame-relay 
set interfaces se-7/0/5 serial-options clocking-mode internal 
set interfaces se-7/0/5 unit 0 dlci 112 
set interfaces se-7/0/5 unit 0 family inet address 15.15.15.1/24 
set interfaces se-7/0/6 mtu 9192 
set interfaces se-7/0/6 encapsulation cisco-hdlc 
set interfaces se-7/0/6 serial-options clocking-mode internal 
set interfaces se-7/0/6 unit 0 family inet address 16.16.16.1/24 
set interfaces se-7/0/7 mtu 9192 
set interfaces se-7/0/7 encapsulation ppp 
set interfaces se-7/0/7 serial-options clocking-mode internal 
set interfaces se-7/0/7 unit 0 family inet address 17.17.17.1/24 
set routing-options static route 21.21.21.0/24 next-hop 10.10.10.2 
set routing-options static route 23.23.23.0/24 next-hop 11.11.11.2 
set routing-options static route 25.25.25.0/24 next-hop 12.12.12.2 
set routing-options static route 27.27.27.0/24 next-hop 13.13.13.2 
set routing-options static route 29.29.29.0/24 next-hop 14.14.14.2 
set routing-options static route 31.31.31.0/24 next-hop 15.15.15.2 
set routing-options static route 33.33.33.0/24 next-hop 16.16.16.2 
set routing-options static route 35.35.35.0/24 next-hop 17.17.17.2 


Device 2 


set interfaces se-3/0/0 mtu 9192 
set interfaces se-3/0/0 encapsulation ppp 
set interfaces se-3/0/0 serial-options clocking-mode dce 
set interfaces se-3/0/0 unit 0 family inet address 10.10.10.2/24 
set interfaces se-3/0/1 mtu 9192 
set interfaces se-3/0/1 encapsulation cisco-hdlc 
set interfaces se-3/0/1 serial-options clocking-mode dce 
set interfaces se-3/0/1 unit 0 family inet address 11.11.11.2/24 
set interfaces se-3/0/2 dce 
set interfaces se-3/0/2 mtu 9192 
set interfaces se-3/0/2 encapsulation frame-relay 
set interfaces se-3/0/2 serial-options clocking-mode dce 
set interfaces se-3/0/2 unit 0 dlci 111 
set interfaces se-3/0/2 unit 0 family inet address 12.12.12.2/24 
set interfaces se-3/0/3 mtu 9192 
set interfaces se-3/0/3 encapsulation ppp 
set interfaces se-3/0/3 serial-options clocking-mode dce 
set interfaces se-3/0/3 unit 0 family inet address 13.13.13.2/24 
set interfaces se-3/0/4 mtu 9192 
set interfaces se-3/0/4 encapsulation cisco-hdlc 
set interfaces se-3/0/4 serial-options clocking-mode dce 
set interfaces se-3/0/4 unit 0 family inet address 14.14.14.2/24 
set interfaces se-3/0/5 dce 
set interfaces se-3/0/5 mtu 9192 
set interfaces se-3/0/5 encapsulation frame-relay 
set interfaces se-3/0/5 serial-options clocking-mode dce 
set interfaces se-3/0/5 unit 0 dlci 112 
set interfaces se-3/0/5 unit 0 family inet address 15.15.15.2/24 
set interfaces se-3/0/6 mtu 9192 
set interfaces se-3/0/6 encapsulation cisco-hdlc 
set interfaces se-3/0/6 serial-options clocking-mode dce 
set interfaces se-3/0/6 unit 0 family inet address 16.16.16.2/24 
set interfaces se-3/0/7 mtu 9192 
set interfaces se-3/0/7 encapsulation ppp 
set interfaces se-3/0/7 serial-options clocking-mode dce 
set interfaces se-3/0/7 unit 0 family inet address 17.17.17.2/24 
set routing-options static route 20.20.20.0/24 next-hop 10.10.10.1 
set routing-options static route 22.22.22.0/24 next-hop 11.11.11.1 
set routing-options static route 24.24.24.0/24 next-hop 12.12.12.1 
set routing-options static route 26.26.26.0/24 next-hop 13.13.13.1 
set routing-options static route 28.28.28.0/24 next-hop 14.14.14.1 
set routing-options static route 30.30.30.0/24 next-hop 15.15.15.1 
set routing-options static route 32.32.32.0/24 next-hop 16.16.16.1 
set routing-options static route 34.34.34.0/24 next-hop 17.17.17.1 
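

A back-to-back link only comes up when both ends agree, so it is worth checking the two command sets against each other before committing. The following is an added example, not part of the Juniper documentation: a Python audit of the Device 1 and Device 2 set commands for ports 0 and 2. The function names, the same-port-number pairing in LINKS, the internal/dce clocking pattern taken from this example, and the DEVICE2_BAD variant are assumptions or constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Ports 0 and 2 from the Device 1 and Device 2 quick configurations above.
DEVICE1 = """
set interfaces se-7/0/0 mtu 9192
set interfaces se-7/0/0 encapsulation ppp
set interfaces se-7/0/0 serial-options clocking-mode internal
set interfaces se-7/0/0 unit 0 family inet address 10.10.10.1/24
set interfaces se-7/0/2 dce
set interfaces se-7/0/2 mtu 9192
set interfaces se-7/0/2 encapsulation frame-relay
set interfaces se-7/0/2 serial-options clocking-mode internal
set interfaces se-7/0/2 unit 0 dlci 111
set interfaces se-7/0/2 unit 0 family inet address 12.12.12.1/24
set routing-options static route 21.21.21.0/24 next-hop 10.10.10.2
set routing-options static route 25.25.25.0/24 next-hop 12.12.12.2
"""
DEVICE2 = """
set interfaces se-3/0/0 mtu 9192
set interfaces se-3/0/0 encapsulation ppp
set interfaces se-3/0/0 serial-options clocking-mode dce
set interfaces se-3/0/0 unit 0 family inet address 10.10.10.2/24
set interfaces se-3/0/2 dce
set interfaces se-3/0/2 mtu 9192
set interfaces se-3/0/2 encapsulation frame-relay
set interfaces se-3/0/2 serial-options clocking-mode dce
set interfaces se-3/0/2 unit 0 dlci 111
set interfaces se-3/0/2 unit 0 family inet address 12.12.12.2/24
set routing-options static route 20.20.20.0/24 next-hop 10.10.10.1
set routing-options static route 24.24.24.0/24 next-hop 12.12.12.1
"""
# Constructed faulty variant: wrong clocking mode, wrong DLCI, wrong next hop.
DEVICE2_BAD = (DEVICE2
               .replace("se-3/0/0 serial-options clocking-mode dce",
                        "se-3/0/0 serial-options clocking-mode internal")
               .replace("se-3/0/2 unit 0 dlci 111", "se-3/0/2 unit 0 dlci 112")
               .replace("next-hop 12.12.12.1", "next-hop 12.12.12.2"))
# Assumed cabling: port N on Device 1 connects to port N on Device 2.
LINKS = [("se-7/0/0", "se-3/0/0"), ("se-7/0/2", "se-3/0/2")]

IFACE = re.compile(r"^set interfaces (\S+) (.+)$")
ROUTE = re.compile(r"^set routing-options static route (\S+) next-hop (\S+)$")


def parse_set(text):
    """Return ({interface: properties}, {destination: next hop}) from set commands."""
    ifaces, routes = defaultdict(dict), {}
    for line in text.strip().splitlines():
        line = line.strip()
        if m := ROUTE.match(line):
            routes[m.group(1)] = ipaddress.ip_address(m.group(2))
        elif m := IFACE.match(line):
            name, tok = m.group(1), m.group(2).split()
            if tok[0] in ("mtu", "encapsulation") and len(tok) == 2:
                ifaces[name][tok[0]] = tok[1]
            elif tok[:2] == ["serial-options", "clocking-mode"] and len(tok) == 3:
                ifaces[name]["clocking"] = tok[2]
            elif tok[0] == "unit" and tok[2:3] == ["dlci"] and len(tok) == 4:
                ifaces[name]["dlci"] = tok[3]
            elif tok[0] == "unit" and tok[2:5] == ["family", "inet", "address"] and len(tok) == 6:
                ifaces[name]["address"] = ipaddress.ip_interface(tok[5])
    return dict(ifaces), routes


def audit_link(a_name, a, b_name, b):
    """Compare the two ends of one serial link and list every disagreement."""
    pair, out = f"{a_name} <-> {b_name}", []
    for key in ("mtu", "encapsulation"):
        if a.get(key) != b.get(key):
            out.append(f"{pair}: {key} mismatch ({a.get(key)} vs {b.get(key)})")
    # When Frame Relay is set, the DLCI must also be set, and must match.
    if a.get("encapsulation") == "frame-relay" and (
            not a.get("dlci") or a.get("dlci") != b.get("dlci")):
        out.append(f"{pair}: dlci mismatch ({a.get('dlci')} vs {b.get('dlci')})")
    # Pattern used in this example: one end internal, the other end dce.
    if {a.get("clocking"), b.get("clocking")} != {"internal", "dce"}:
        out.append(f"{pair}: clocking-mode pair is "
                   f"{a.get('clocking')}/{b.get('clocking')}, expected internal/dce")
    aa, ba = a.get("address"), b.get("address")
    if aa is None or ba is None or aa.network != ba.network or aa.ip == ba.ip:
        out.append(f"{pair}: addresses {aa} and {ba} are not two hosts on one subnet")
    return out


def audit_routes(label, routes, peer_ifaces):
    """Every static next hop must be an address configured on the peer device."""
    peer_ips = {p["address"].ip for p in peer_ifaces.values() if "address" in p}
    return [f"{label}: route {dst} next-hop {nh} is not a peer serial address"
            for dst, nh in routes.items() if nh not in peer_ips]


def audit(dev1_text, dev2_text, links):
    if1, rt1 = parse_set(dev1_text)
    if2, rt2 = parse_set(dev2_text)
    findings = []
    for a, b in links:
        findings += audit_link(a, if1.get(a, {}), b, if2.get(b, {}))
    findings += audit_routes("Device 1", rt1, if2)
    findings += audit_routes("Device 2", rt2, if1)
    return findings


if __name__ == "__main__":
    for finding in audit(DEVICE1, DEVICE2_BAD, LINKS):
        print(finding)
```

The configuration from this example produces no findings; the constructed faulty variant produces one finding each for the clocking mode, the DLCI, and the static route.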


Step-by-Step Procedure 


The following example requires you to navigate various levels in the configuration hierarchy. For instructions 
on how to do that, see Using the CLI Editor in Configuration Mode. 


To configure the interfaces on Device 1: 


1. Specify the maximum transmission unit (MTU) value for the interface. 


[edit interfaces] 
user@host# set se-7/0/0 mtu 9192 


2. Configure the encapsulation type. 


[edit interfaces] 
user@host# set se-7/0/0 encapsulation ppp 


3. Configure the serial options, such as the clocking mode. 


[edit interfaces] 
user@host# set se-7/0/0 serial-options clocking-mode internal 


4. Set the IPv4 address on the serial port. 


[edit interfaces] 
user@host# set se-7/0/0 unit 0 family inet address 10.10.10.1/24 


5. Configure the static route information. 


[edit routing-options] 
user@host# set static route 21.21.21.0/24 next-hop 10.10.10.2 


NOTE: Repeat the same configuration for the other seven ports on Device 1. 


6. If you are done configuring the device, commit the configuration. 


[edit] 
user@host# commit 


Step-by-Step Procedure 


To configure the interfaces on Device 2: 


1. Specify the MTU value for the interface. 


[edit interfaces] 
user@host# set se-3/0/0 mtu 9192 


2. Configure the encapsulation type. 


[edit interfaces] 
user@host# set se-3/0/0 encapsulation ppp 


3. Configure the serial options, such as the clocking mode. 


[edit interfaces] 
user@host# set se-3/0/0 serial-options clocking-mode dce 


4. Set the IPv4 address on the serial port. 


[edit interfaces] 
user@host# set se-3/0/0 unit 0 family inet address 10.10.10.2/24 


5. Configure the static route information. 


[edit routing-options] 
user@host# set static route 20.20.20.0/24 next-hop 10.10.10.1 


NOTE: Repeat the same configuration for the other seven ports on Device 2. 


6. If you are done configuring the device, commit the configuration. 


[edit] 
user@host# commit 


Results 


From configuration mode, confirm your configuration by entering the show interfaces command. If the 
output does not display the intended configuration, repeat the configuration instructions in this example 
to correct it. 


Device 1 


[edit] 
user@host# show interfaces 
se-7/0/0 { 
    mtu 9192; 
    encapsulation ppp; 
    serial-options { 
        clocking-mode internal; 
    } 
    unit 0 { 
        family inet { 
            address 10.10.10.1/24; 
        } 
    } 
} 
se-7/0/1 { 
    mtu 9192; 
    encapsulation cisco-hdlc; 
    serial-options { 
        clocking-mode internal; 
    } 
    unit 0 { 
        family inet { 
            address 11.11.11.1/24; 
        } 
    } 
} 
se-7/0/2 { 
    dce; 
    mtu 9192; 
    encapsulation frame-relay; 
    serial-options { 
        clocking-mode internal; 
    } 
    unit 0 { 
        dlci 111; 
        family inet { 
            address 12.12.12.1/24; 
        } 
    } 
} 
se-7/0/3 { 
    mtu 9192; 
    encapsulation ppp; 
    serial-options { 
        clocking-mode internal; 
    } 
    unit 0 { 
        family inet { 
            address 13.13.13.1/24; 
        } 
    } 
} 
se-7/0/4 { 
    mtu 9192; 
    encapsulation cisco-hdlc; 
    serial-options { 
        clocking-mode internal; 
    } 
    unit 0 { 
        family inet { 
            address 14.14.14.1/24; 
        } 
    } 
} 
se-7/0/5 { 
    dce; 
    mtu 9192; 
    encapsulation frame-relay; 
    serial-options { 
        clocking-mode internal; 
    } 
    unit 0 { 
        dlci 112; 
        family inet { 
            address 15.15.15.1/24; 
        } 
    } 
} 
se-7/0/6 { 
    mtu 9192; 
    encapsulation cisco-hdlc; 
    serial-options { 
        clocking-mode internal; 
    } 
    unit 0 { 
        family inet { 
            address 16.16.16.1/24; 
        } 
    } 
} 
se-7/0/7 { 
    mtu 9192; 
    encapsulation ppp; 
    serial-options { 
        clocking-mode internal; 
    } 
    unit 0 { 
        family inet { 
            address 17.17.17.1/24; 
        } 
    } 
} 


[edit] 
user@host# show routing-options 
static { 
    route 21.21.21.0/24 next-hop 10.10.10.2; 
    route 23.23.23.0/24 next-hop 11.11.11.2; 
    route 25.25.25.0/24 next-hop 12.12.12.2; 
    route 27.27.27.0/24 next-hop 13.13.13.2; 
    route 29.29.29.0/24 next-hop 14.14.14.2; 
    route 31.31.31.0/24 next-hop 15.15.15.2; 
    route 33.33.33.0/24 next-hop 16.16.16.2; 
    route 35.35.35.0/24 next-hop 17.17.17.2; 
} 


If you are done configuring the device, enter commit from configuration mode. 


Device 2 


[edit] 
user@host# show interfaces 
se-3/0/0 { 
    mtu 9192; 
    encapsulation ppp; 
    serial-options { 
        clocking-mode dce; 
    } 
    unit 0 { 
        family inet { 
            address 10.10.10.2/24; 
        } 
    } 
} 
se-3/0/1 { 
    mtu 9192; 
    encapsulation cisco-hdlc; 
    serial-options { 
        clocking-mode dce; 
    } 
    unit 0 { 
        family inet { 
            address 11.11.11.2/24; 
        } 
    } 
} 
se-3/0/2 { 
    dce; 
    mtu 9192; 
    encapsulation frame-relay; 
    serial-options { 
        clocking-mode dce; 
    } 
    unit 0 { 
        dlci 111; 
        family inet { 
            address 12.12.12.2/24; 
        } 
    } 
} 
se-3/0/3 { 
    mtu 9192; 
    encapsulation ppp; 
    serial-options { 
        clocking-mode dce; 
    } 
    unit 0 { 
        family inet { 
            address 13.13.13.2/24; 
        } 
    } 
} 
se-3/0/4 { 
    mtu 9192; 
    encapsulation cisco-hdlc; 
    serial-options { 
        clocking-mode dce; 
    } 
    unit 0 { 
        family inet { 
            address 14.14.14.2/24; 
        } 
    } 
} 
se-3/0/5 { 
    dce; 
    mtu 9192; 
    encapsulation frame-relay; 
    serial-options { 
        clocking-mode dce; 
    } 
    unit 0 { 
        dlci 112; 
        family inet { 
            address 15.15.15.2/24; 
        } 
    } 
} 
se-3/0/6 { 
    mtu 9192; 
    encapsulation cisco-hdlc; 
    serial-options { 
        clocking-mode dce; 
    } 
    unit 0 { 
        family inet { 
            address 16.16.16.2/24; 
        } 
    } 
} 
se-3/0/7 { 
    mtu 9192; 
    encapsulation ppp; 
    serial-options { 
        clocking-mode dce; 
    } 
    unit 0 { 
        family inet { 
            address 17.17.17.2/24; 
        } 
    } 
} 


[edit] 
user@host# show routing-options 
static { 
    route 20.20.20.0/24 next-hop 10.10.10.1; 
    route 22.22.22.0/24 next-hop 11.11.11.1; 
    route 24.24.24.0/24 next-hop 12.12.12.1; 
    route 26.26.26.0/24 next-hop 13.13.13.1; 
    route 28.28.28.0/24 next-hop 14.14.14.1; 
    route 30.30.30.0/24 next-hop 15.15.15.1; 
    route 32.32.32.0/24 next-hop 16.16.16.1; 
    route 34.34.34.0/24 next-hop 17.17.17.1; 
} 


If you are done configuring the device, enter commit from configuration mode. 


Verification 

Confirm that the configuration is working properly. 


Verifying Interface Link Status 


Purpose 


Verify that the interface link status is up. 


Action 


From operational mode, enter the show interface terse se-7/0/* command. 


user@srx650-1> show interface terse se-7/0/* 

Interface               Admin Link Proto    Local                 Remote 
se-7/0/0                up    up 
se-7/0/0.0              up    up   inet     10.10.10.1/24 
se-7/0/1                up    up 
se-7/0/1.0              up    up   inet     11.11.11.1/24 
se-7/0/2                up    up 
se-7/0/2.0              up    up   inet     12.12.12.1/24 
se-7/0/3                up    up 
se-7/0/3.0              up    up   inet     13.13.13.1/24 
se-7/0/4                up    up 
se-7/0/4.0              up    up   inet     14.14.14.1/24 
se-7/0/5                up    up 
se-7/0/5.0              up    up   inet     15.15.15.1/24 
se-7/0/6                up    up 
se-7/0/6.0              up    up   inet     16.16.16.1/24 
se-7/0/7                up    up 
se-7/0/7.0              up    up   inet     17.17.17.1/24 


Meaning 


The output displays a list of all interfaces configured. If the Link column displays up for all interfaces, the 
configuration is working properly. This verifies that the GPIM is up and end-to-end ping is working. 


Verifying Interface Statistics for DCE 


Purpose 


Verify that the interfaces are configured properly for DCE. 


Action 


From operational mode, enter the show interface se-7/0/0 extensive | no-more command. 


user@srx650-1> show interface se-7/0/0 extensive | no-more 

Physical interface: se-7/0/0, Enabled, Physical link is Up 
  Interface index: 161, SNMP ifIndex: 592, Generation: 164 
  Type: Serial, Link-level type: PPP, MTU: 1504, Maximum speed: 8mbps 
  Device flags   : Present Running 
  Interface flags: Point-To-Point Internal: 0x0 
  Link flags     : Keepalives 
  Hold-times     : Up 0 ms, Down 0 ms 
  Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3 
  Keepalive statistics: 
    Input : 123 (last seen 00:00:02 ago) 
    Output: 123 (last sent 00:00:01 ago) 
  LCP state: Opened 
  NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: 
  Not-configured 
  CHAP state: Closed 
  PAP state: Closed 
  CoS queues     : 8 supported, 8 maximum usable queues 
  Last flapped   : 2011-06-27 22:57:24 PDT (00:20:59 ago) 
  Statistics last cleared: Never 
  Traffic statistics: 
   Input  bytes  :                  ...                  160 bps 
   Output bytes  :                  ... 
   Input  packets:                  404                    0 pps 
   Output packets:                  409                    0 pps 
  Input errors: 
    Errors: 3, Drops: 0, Framing errors: 3, Runts: 0, Giants: 0, 
    Policed discards: 0, Resource errors: 0 
  Output errors: 
    Carrier transitions: 1, Errors: 0, Drops: 0, MTU errors: 0, 
    Resource errors: 0 
  Egress queues: 8 supported, 4 in use 
  Queue counters:       Queued packets  Transmitted packets      Dropped packets 
    0 best-effort                    0                    0                    0 
    1 expedited-fo                   0                    0                    0 
    2 assured-forw                   0                    0                    0 
    3 network-cont                 409                  409                    0 
  Queue number:         Mapped forwarding classes 
    0                   best-effort 
    1                   expedited-forwarding 
    2                   assured-forwarding 
    3                   network-control 
  Serial media information: 
    Line protocol: eia530 
    Resync history: 
      Sync loss count: 0 
    Data signal: 
      Rx Clock: OK 
    Control signals: 
      Local mode: DCE 
      To DTE: CTS: up, DCD: up, DSR: up 
      From DTE: DTR: up, RTS: up 
    DCE loopback override: Off 
    Clocking mode: internal 
    Loopback: none 
    Tx clock: non-invert 
    Line encoding: nrz 
  Packet Forwarding Engine configuration: 
    Destination slot: ... 
  CoS information: 
    Direction : Output 
    CoS transmit queue               Bandwidth               Buffer Priority   Limit 
                              %            bps     %           usec 
    0 best-effort            95        7600000    95              0      low    none 
    3 network-control         5         400000     5              0      low    none 

  Logical interface se-7/0/0.0 (Index 82) (SNMP ifIndex 600) (Generation 147) 
    Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPP 
    Security: Zone: HOST 
    Allowed host-inbound traffic : any-service bfd bgp dvmrp igmp ldp msdp nhrp 
    ospf pgm pim rip router-discovery rsvp sap vrrp 
    Flow Statistics : 
    Flow Input statistics : 
      Self packets :                     ... 
      ICMP packets :                     0 
      VPN packets :                      0 
      Multicast packets :                0 
      Bytes permitted by policy :        13152 
      Connections established :          ... 
    Flow Output statistics: 
      Multicast packets :                0 
      Bytes permitted by policy :        0 
    Flow error statistics (Packets dropped due to): 
      Address spoofing:                  0 
      Authentication failed:             0 
      Incoming NAT errors:               0 
      Invalid zone received packet:      0 
      Multiple user authentications:     0 
      Multiple incoming NAT:             0 
      No parent for a gate:              0 
      No one interested in self packets: 0 
      No minor session:                  0 
      No more sessions:                  0 
      No NAT gate:                       0 
      No route present:                  0 
      No SA for incoming SPI:            0 
      No tunnel found:                   0 
      No session for a gate:             0 
      No zone or NULL zone binding       0 
      Policy denied:                     0 
      Security association not active:   0 
      TCP sequence number out of window: 0 
      Syn-attack protection:             0 
      User authentication errors:        0 
    Protocol inet, MTU: 1500, Generation: 162, Route table: 0 
      Flags: Sendbcast-pkt-to-re 
      Addresses, Flags: Is-Preferred Is-Primary 
        Destination: 10.10.10/24, Local: 10.10.10.1, Broadcast: 10.10.10.255, 
        Generation: 175 


Meaning 


The output displays a list of all DCE verification parameters and the mode configured. If the local mode 
displays DCE, the configuration is working properly. 


Verifying Interface Statistics for DTE 


Purpose 


Verify that the interfaces are configured properly for DTE. 


Action 


From operational mode, enter the show interfaces se-3/0/0 extensive | no-more command. 


user@srx650-2>show interfaces se-3/0/0 extensive | no-more 





Physical interface: se-3/0/0, Enabled, Physical link is Up 
Interface index: 168, SNMP ifIndex: 594, Generation: 171 
Type: Serial, Link-level type: PPP, MTU: 1504, Maximum speed: 8mbps 
Device flags : Present Running 
Interface flags: Point-To-Point Internal: 0x0 
Link flags : Keepalives 
Hold-times : Up 0 ms, Down O ms 


Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3 





Keepalive statistics: 
Input : 242 (last seen 00:00:09 ago) 
Output: 242 (last sent 00:00:10 ago) 
LCP state: Opened 





NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: 
Not-configured 

CHAPS Sieciccrm Close c 

PAP Me Siechect me Cskosc el 

CoS queues : 8 supported, 8 maximum usable queues 

Last flapped § Z20LI-O6—27 22852305 Du (OOsAOs4l eee) 


Statistics last cleared: Never 





Weer Siceue asic hess 


Input bytes : 44582 0 bps 
Output bytes : 42872 0 bps 
Input packets: TS 0 pps 
Output packets: THY 0 pps 


Iino, isieone sss 
WErOrS: 6, Dress 0, WRenG Grrorss 6, Rumess O, Ciemcas O, 
Policed discards: 0, Resource errors: 0 


Output errors: 





Cakriler tiemsittiomss I, mirrors O, Diecose O, MU erieorss 0, 





Resource errors: 0 





Egress queues: 8 supported, 4 in use 

Queue counters: Queued packets Transmitted packets Dropped packets 
0 best-effort 2 2 0 
1 expedited-fo 0 0 0 


2 assured-forw 

3 network-cont 
Queue number: 

0 

il 

2 

3 
Serial media info 


Line protocol: 


0 

VW 
Mapped forwarding classes 
best-effort 
expedited-forwarding 
assured-forwarding 
network-control 

rmation: 


e1a530 


gia 


Resync history: 

SMC mLOscee Omicemn 0) 
Data signal: 

ine (ClloGles OX 
Control signals: 


Local mode: DTI 





ee 


Woe, ICIS IIR Wis), IMESS wie) 





Imcom IDCs CES3 ws, ICDS Uys), 





Clocking mode: loop-timed 
Loopback: none 
Tx clock: non-invert 


Line encoding: nrz 





DISIRS who) 


Packet Forwarding Engine configuration: 


Destination slot: 3 
CoS information: 
Direction Output 


CoS transmit queue 





Limit 


oe 


0 best-effort 95 
none 
3 network-control 5) 


none 


Bandwidth Buffer Priority 


oe 


bps 
7600000 95 0 low 


usec 


400000 5 0 low 


Logical interface se-3/0/0.0 (Index 82) (SNMP ifIndex 602) (Generation 147) 





Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPP 


Security: Zone: HOST 
Allowed host-inbound traffic 


any-service bfd bgp dvmrp igmp ldp msdp nhrp 


ospf pgm pim rip router-discovery rsvp sap vrrp 


Flow Statistics 





Flow Input statistics 
Self packets 
ICMP packets 
VPN packets 
Multicast packets 
Bytes permitted by policy 


287 


24044 
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Connections established : al 

Flow Output statistics: 
Multicast packets : 0 
Bytes permitted by policy : 0 

Flow error statistics (Packets dropped due to): 
Address spoofing: 0 
Authentication failed: 


Incoming NAT errors: 





Invalid zone received packet: 
Multiple user authentications: 
Multiple incoming NAT:


No parent for a gate: 


So qooe Se eS ©S 


No one interested in self packets: 





No minor session: 0 
No more sessions: 

No NAT gate: 

No route present:

No SA for incoming SPI:

No tunnel found: 

No session for a gate: 


No zone or NULL zone binding 





Policy denied: 
Security association not active: 
TCP sequence number out of window: 


Syn-attack protection: 


er «re eo fe) ee) te) ce) es ee eS 





User authentication errors: 
Protocol inet, MTU: 1500, Generation: 162, Route table: 0 
Flags: Sendbcast-pkt-to-re 





Addresses, Flags: Is-Preferred Is-Primary
DeStaimenesoms 10,10 10/24, Locals 10,110,102, Broaceasics 10,10, 10.255, 


Generation: 175 


Meaning 


The output displays a list of all DTE verification parameters and the mode configured. If the local mode 
displays DTE, the configuration is working properly.

| accept-source-mac


Syntax 


accept-source-mac {
    mac-address mac-address;
}


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number] 


Release Information 
Statement introduced in Junos OS Release 11.4. 


Description 

For Gigabit Ethernet (GE), Fast Ethernet (FE), or 10 Gigabit Ethernet (XE) interfaces, specify the MAC 
addresses from which the interface can receive packets. Ensure that you update the MAC address if the 
remote Ethernet card is replaced. Replacing the interface card changes the MAC address. If you do not 
update the MAC address, the interface cannot receive packets from the new card. 


NOTE:
• Software-based MAC limiting is supported on SRX300, SRX320, and SRX340 devices. A
maximum of 32 MAC addresses is supported per device.


Options 

mac-address—MAC address filter. You can specify the MAC address as six hexadecimal bytes in one of
the following formats: nn:nn:nn:nn:nn:nn (for example, 00:11:22:33:44:55) or nnnn.nnnn.nnnn (for
example, 0011.2233.4455). You can configure up to 32 source addresses. To specify more than one
address, include multiple mac-addresses in the source-address-filter statement.
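An added example (not part of the Juniper documentation): a Python pre-commit check for a planned accept-source-mac list. It accepts the two address formats described above, treats both spellings of one address as a duplicate, and enforces the 32-address limit; the function names and the rejection of group-bit (multicast) addresses as source MACs are assumptions of this example, not Junos behaviour.

```python
import re

# Limit stated in the Options text: up to 32 source addresses.
MAX_SOURCE_MACS = 32

# The two documented spellings of a six-byte MAC address.
COLON_FORM = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")
DOTTED_FORM = re.compile(r"[0-9A-Fa-f]{4}(?:\.[0-9A-Fa-f]{4}){2}")


def normalize_mac(text):
    """Return the address as 12 lowercase hex digits; raise ValueError otherwise."""
    text = text.strip()
    if COLON_FORM.fullmatch(text):
        return text.replace(":", "").lower()
    if DOTTED_FORM.fullmatch(text):
        return text.replace(".", "").lower()
    raise ValueError(f"{text!r}: not nn:nn:nn:nn:nn:nn or nnnn.nnnn.nnnn")


def lint_source_macs(entries):
    """Check a planned filter list before it is committed.

    Returns (canonical, problems): canonical holds the accepted addresses in
    nn:nn:nn:nn:nn:nn form, problems holds one message per finding.
    """
    canonical = []
    problems = []
    first_seen = {}  # 12-digit form -> spelling that introduced it
    for raw in entries:
        try:
            digits = normalize_mac(raw)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        # Assumption of this example: an address with the group bit set
        # (lowest bit of the first byte) is never a legitimate source MAC.
        if int(digits[:2], 16) & 0x01:
            problems.append(f"{raw}: group bit set, not a valid source MAC")
            continue
        # 00:11:22:33:44:55 and 0011.2233.4455 are the same address.
        if digits in first_seen:
            problems.append(f"{raw}: same address as {first_seen[digits]}")
            continue
        first_seen[digits] = raw
        canonical.append(":".join(digits[i:i + 2] for i in range(0, 12, 2)))
    if len(canonical) > MAX_SOURCE_MACS:
        problems.append(
            f"{len(canonical)} addresses exceed the limit of {MAX_SOURCE_MACS}"
        )
    return canonical, problems


def render_config(canonical):
    """Render the accepted addresses in the statement's documented syntax."""
    lines = ["accept-source-mac {"]
    lines += [f"    mac-address {mac};" for mac in canonical]
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample input: one duplicate spelling, one malformed
    # address (seven groups) and one multicast address.
    planned = [
        "00:11:22:33:44:55",
        "0011.2233.4455",
        "00:11:22:33:44:55:66",
        "01:00:5e:00:00:01",
        "AABB.CCDD.EEFF",
    ]
    macs, findings = lint_source_macs(planned)
    print(render_config(macs))
    for finding in findings:
        print("finding:", finding)
```

Because the filter drops frames from any address that is not listed, running a check like this before commit catches a mistyped address while the link is still up.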


Required Privilege Level 
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces | 203

| access-point-name


Syntax 


access-point-name apn; 


Hierarchy Level 


[edit interfaces interface-name cellular-options gsm-options profiles profile-name] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 
Configure the access point name (APN) provided by the service provider for connection to a Global System 
for Mobile Communications (GSM) cellular network. 


Options 


apn—Access point name. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration.

| apply-groups


Syntax 
apply-groups; 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number radio-router] 


Release Information 
Statement introduced in Junos OS Release 9.6. 
Statement modified in Junos OS Release 15.1. 


Description 

Apply the groups from which to inherit configuration data. If radio-router is set without any other attributes 
specified, the first four values become 100 and threshold stays at 10, and capacity, margin, and delay are 
deprecated. If radio-router is set, do not change the OSPF reference-bandwidth value because this generates 
an incorrect link cost. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring PPPoE-Based Radio-to-Router Protocols

| activation-delay


Syntax 


activation-delay seconds; 


Hierarchy Level 


[edit interfaces dln unit logical-unit-number dialer-options] 


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 
(J Series Services Routers) For ISDN interfaces, configure the ISDN dialer activation delay. Used only for 
dialer backup and dialer watch cases. 


Options 
seconds—Interval before the backup interface is activated after the primary interface has gone down. 
Range: 1 through 4,294,967,295 seconds 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide

arp (Interfaces)


Syntax 


arp ip-address (mac | multicast-mac) mac-address publish; 


arp {
    aging-timer minutes;
    gratuitous-arp-delay seconds;
    gratuitous-arp-on-ifup;
    interfaces {
        interface-name {
            aging-timer minutes;
        }
    }
    passive-learning;
    purging;
}

Syntax (EX Series) 


arp {
    aging-timer minutes;
}


Hierarchy Level 
[edit system] 
[edit interfaces interface-name unit logical-unit-number family inet address address] 


[edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number family inet address 
address] 


NOTE: The edit logical-systems hierarchy is not available on QFabric systems. 


Release Information 
Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 11.1 for the QFX Series. 
Statement introduced in Junos OS Release 14.1X53-D20 for the OCX Series. 


Description 

For Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces only, configure Address Resolution Protocol 
(ARP) table entries mapping IP addresses to MAC addresses. You can enable backup VRRP routers to learn 
ARP requests for VRRP-IP to VRRP-MAC address translation. You can also set the time interval between 
ARP updates. 


NOTE: By default, an ARP policer is installed that is shared among all the Ethernet interfaces
on which you have configured the family inet statement. By including the arp statement at the
[edit interfaces interface-name unit logical-unit-number family inet policer] hierarchy level, you
can apply a specific ARP-packet policer to an interface. This feature is not available on EX Series
switches.


When you need to conserve IP addresses, you can configure an Ethernet interface to be 
unnumbered by including the unnumbered-address statement at the [edit interfaces 
interface-name unit logical-unit-number family inet] hierarchy level. 


NOTE: For EX-Series switches, set only the time interval between ARP updates. 




Options 
ip-address—IP address to map to the MAC address. The IP address specified must be part of the subnet 
defined in the enclosing address statement. 


mac mac-address—MAC address to map to the IP address. Specify the MAC address as six hexadecimal 
bytes in one of the following formats: nnnn.nnnn.nnnn or nn:nn:nn:nn:nn:nn. For example, 
0000.5e00.5355 or 00:00:5e:00:53:55. 


multicast-mac mac-address—Multicast MAC address to map to the IP address. Specify the multicast MAC 
address as six hexadecimal bytes in one of the following formats: nnnn.nnnn.nnnn or nn:nn:nn:nn:nn:nn. 
For example, 0000.5e00.5355 or 00:00:5e:00:53:55. 


publish—(Optional) Have the router or switch reply to ARP requests for the specified IP address. If you 
omit this option, the router or switch uses the entry to reach the destination but does not reply to 
ARP requests. 


NOTE: For unicast MAC addresses only, if you include the publish option, the router or switch 
replies to proxy ARP requests. 


aging-timer—Time interval in minutes between ARP updates. In environments where the number of ARP 
entries to update is high (for example, on routers only, metro Ethernet environments), increasing the 
time between updates can improve system performance. 


gratuitous-arp-delay—Configure a delay for gratuitous ARP requests at the system level. By default, Junos
OS sends gratuitous ARP requests immediately after network-related configuration changes are made
on an interface (for example, a VLAN ID, MAC address, IP address change, or Aggregated Ethernet
deployment). This might lead to the Packet Forwarding Engine dropping some initial request packets
if the configuration updates have not been fully processed. To avoid such request packets being
dropped, you can configure a delay in gratuitous ARP requests.
Values:
• seconds—Configure the ARP request delay in seconds. We recommend configuring a value in the
range of 3 through 6 seconds.


gratuitous-arp-on-ifup— Add this statement to the [edit system arp] hierarchy to configure Junos OS to 
automatically issue a gratuitous ARP announcement when an interface is online. 


interfaces— Specify the ARP aging timer in minutes for a logical interface of family type inet. 
Values: aging-timer minutes—Time between ARP updates, in minutes. 
Default: 20 
Range: 1 through 6,00,000

passive-learning—Configure backup VRRP routers or switches to learn the ARP mappings (IP-to-MAC
address) for hosts sending the requests. By default, the backup VRRP router drops these requests;
therefore, if the master router fails, the backup router must learn all entries present in the ARP cache
of the master router. Configuring passive learning reduces transition delay when the backup router is
activated. Learning of ARP mappings (IP-to-MAC address) by backup VRRP routers or switches for
hosts sending the requests is disabled unless this statement is configured.


purging— Purge obsolete ARP entries from the cache when an interface or link goes offline. 


Required Privilege Level 

interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 
system—To view this statement in the configuration. 
system-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring Static ARP Table Entries For Mapping IP Addresses to MAC Addresses 
Configure ARP Learning and Aging Options 
Junos OS Network Interfaces Library for Routing Devices 


Junos OS System Basics Configuration Guide


Adjusting the ARP Aging Timer

| arp-resp

Syntax 


arp-resp (restricted|unrestricted); 


Hierarchy Level 


[edit interfaces interfaces-name unit logical-unit-number]


Release Information
Statement introduced in Junos OS Release 10.1. 


Description 


Configure Address Resolution Protocol (ARP) response on the interface. 


Options 
• restricted—Enable restricted proxy ARP response on the interface. This is the default.
• unrestricted—Enable unrestricted ARP response on the interface.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Interfaces User Guide for Security Devices

| authentication-method (Interfaces)


Syntax 


authentication-method (pap | chap | none); 


Hierarchy Level 


[edit interfaces interface-name cellular-options gsm-options profiles profile-name] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 
Specify the authentication method for connection to a Global System for Mobile Communications (GSM) 
cellular network. 


Options 
• pap—Password Authentication Protocol.
• chap—Challenge Handshake Authentication Protocol.
• none—No authentication method is used.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration.

| bandwidth (Interfaces)


Syntax 


bandwidth bandwidth; 


Hierarchy Level 


[edit interfaces interface-name radio-router] 


Release Information 
Statement introduced in Junos OS Release 10.1. 


Description 


This option controls the weight of the current (vs. maximum) data rate (value 0-100). 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


PPPoE-Based Radio-to-Router Protocols Overview

| bundle (Interfaces)


Syntax 


bundle bundle-name; 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number family mlppp]


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 


Specify the logical interface name the link joins. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29 




| cbr rate 


Syntax 


cbr rate; 


Hierarchy Level 


[edit interfaces interface-name atm-options vpi vpi-identifier shaping] 


Release Information 
Command introduced in Release 9.5 of Junos OS. 


Description 


For ATM encapsulation only, define a constant bit rate bandwidth utilization in the traffic-shaping profile. 


Options 
• CBR Value-Constant bandwidth utilization (range: 33,000 through 1,199,920)
• CDVT-Cell delay variation tolerance in microseconds (range: 1 through 9999)


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces Configuration Guide for Security Devices 




| callback 


Syntax 


callback; 


Hierarchy Level 


[edit interfaces dln unit logical-unit-number dialer-options incoming-map], 
[edit logical-systems logical-system-name interfaces dln unit logical-unit-number dialer-options incoming-map] 


Release Information 
Statement introduced in Junos OS Release 7.5. 


Description 

On J Series Services Routers with interfaces configured for ISDN, configure the dialer to terminate the
incoming call and call back the originator after the callback wait period. The default wait time is 5 seconds.
To configure the wait time, include the callback-wait-period statement at the [edit interfaces dln unit
logical-unit-number dialer-options] hierarchy level.


NOTE: The incoming-map statement is mandatory for the router to accept any incoming ISDN
calls.


If the callback statement is configured, you cannot use the caller caller-id statement at the [edit interfaces
dln unit logical-unit-number dialer-options] hierarchy level.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide 


callback-wait-period | 599

| callback-wait-period


Syntax 


callback-wait-period time; 


Hierarchy Level 


[edit interfaces dln unit logical-unit-number dialer-options], 
[edit logical-systems logical-system-name interfaces dln unit logical-unit-number dialer-options] 


Release Information 
Statement introduced in Junos OS Release 7.5. 


Description 

On J Series Services Routers with interfaces configured for ISDN with callback, specify the amount of time 
the dialer waits before calling back the caller. The default wait time is 5 seconds. The wait time is necessary 
because, when a call is rejected, the switch waits for up to 4 seconds on point-to-multipoint connections 
to ensure no other device accepts the call before sending the DISCONNECT message to the originator of 
the call. However, the default time of 5 seconds may not be sufficient for different switches or may not 
be needed on point-to-point connections. 


To configure callback mode, include the callback statement at the [edit interfaces dln unit logical-unit-number 
dialer-options] hierarchy level. 


If the callback statement is configured, you cannot use the caller caller-id statement at the [edit interfaces
dln unit logical-unit-number dialer-options] hierarchy level.


Options 


time—Time the dialer waits before calling back the caller. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide

| caller


Syntax 


caller (caller-id | accept-all); 


Hierarchy Level 


[edit interfaces dln unit logical-unit-number dialer-options incoming-map], 
[edit logical-systems logical-system-name interfaces dln unit logical-unit-number dialer-options incoming-map] 


Release Information 
Statement introduced in Junos OS Release 7.5. 


Description 
On J Series Services Routers with interfaces configured for ISDN, specify the dialer to accept a specified 
caller number or accept all incoming calls. 


Options 

caller-id—Incoming caller number. You can configure multiple caller IDs on a dialer. The caller ID of the
incoming call is matched against all caller IDs configured on all dialers. The dialer matching the caller ID is
looked at for further processing. Only a precise match is a valid match. For example, the configured caller
ID 1-222-333-4444 or 222-333-4444 will match the incoming caller ID 1-222-333-4444.


If the incoming caller ID has fewer digits than the number configured, it is not a valid match. Duplicate 
caller IDs are not allowed on different dialers; however, for example, the numbers 1-408-532-1091, 
408-532-1091, and 532-1091 can still be configured on different dialers. 


Only one B-channel can map to one dialer. If one dialer is already mapped, any other call mapping to the 
same dialer is rejected (except in the case of a multilink dialer). If no dialer caller is configured on a dialer, 
that dialer will not accept any calls. 


accept-all—Any incoming call in an associated interface is accepted. 
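An added example (not Juniper code): a Python model of the matching rules in the Options text, for reasoning about which incoming numbers a dialer configuration admits. The class and function names are hypothetical, comparing digits from the right is this example's reading of the 1-222-333-4444 case, and preferring the longest matching caller ID when several dialers match is an assumption, since the text does not say how that case is resolved.

```python
def digits(number):
    """Strip separators so 1-222-333-4444 and 12223334444 compare equal."""
    return "".join(ch for ch in number if ch.isdigit())


def caller_id_matches(configured, incoming):
    """True when every configured digit matches the end of the incoming ID.

    An incoming ID with fewer digits than the configured one can never
    satisfy this, which is the "not a valid match" case in the text.
    """
    want, got = digits(configured), digits(incoming)
    return bool(want) and got.endswith(want)


class Dialer:
    """One dialer with its incoming-map settings (hypothetical model)."""

    def __init__(self, name, callers=(), accept_all=False, multilink=False):
        self.name = name
        self.callers = list(callers)
        self.accept_all = accept_all
        self.multilink = multilink
        self.mapped = False  # True once a B-channel is mapped to this dialer

    def match_length(self, incoming):
        """Digits in the longest matching caller ID, 0 for accept-all, None for no match."""
        lengths = [len(digits(c)) for c in self.callers
                   if caller_id_matches(c, incoming)]
        if lengths:
            return max(lengths)
        # A dialer with no caller statement accepts no calls at all.
        return 0 if self.accept_all else None


def duplicate_caller_ids(dialers):
    """Caller IDs configured, digit for digit, on more than one dialer."""
    owners = {}
    for dialer in dialers:
        for caller in dialer.callers:
            owners.setdefault(digits(caller), set()).add(dialer.name)
    return {num: sorted(names) for num, names in owners.items()
            if len(names) > 1}


def accept_call(dialers, incoming):
    """Return (dialer name or None, reason) for one incoming call."""
    candidates = []
    for dialer in dialers:
        length = dialer.match_length(incoming)
        if length is not None:
            candidates.append((length, dialer))
    if not candidates:
        return None, "rejected: no dialer accepts this caller ID"
    # Assumption: the most specific (longest) configured caller ID wins.
    best = max(candidates, key=lambda pair: pair[0])[1]
    # Only one B-channel maps to a dialer unless it is a multilink dialer.
    if best.mapped and not best.multilink:
        return None, f"rejected: {best.name} already mapped to a B-channel"
    best.mapped = True
    return best.name, "accepted"


if __name__ == "__main__":
    # Numbers taken from the text above; 555-0100 is a constructed value.
    dl0 = Dialer("dl0", callers=["1-408-532-1091"])
    dl1 = Dialer("dl1", callers=["532-1091"])
    dl2 = Dialer("dl2")  # no caller statement
    for number in ("1-408-532-1091", "1-408-532-1091", "532-1091", "555-0100"):
        print(number, accept_call([dl0, dl1, dl2], number))
```

In this model a configured caller ID of 532-1091 admits every incoming number that ends in those seven digits, so the longest form of a number is the tightest filter.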


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide

| cellular-options


Syntax 


cellular-options {
    roaming-mode (home-only | automatic);
    gsm-options {
        select-profile profile-name;
        profiles {
            profile-name {
                sip-user-id simple-ip-user-id;
                sip-password simple-ip-password;
                access-point-name apn;
                authentication-method (pap | chap | none);
            }
        }
    }
}


Hierarchy Level 


[edit interfaces interface-name] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 


Configure options for connecting a 3G wireless modem interface to a cellular network. 


Options 


The remaining statements are explained separately. See CLI Explorer. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration.

| classifiers (CoS)


Syntax 


classifiers {
    (dscp | dscp-ipv6 | exp | ieee-802.1 | ieee-802.1ad | inet-precedence) classifier-name {
        forwarding-class forwarding-class-name {
            loss-priority (high | low | medium-high | medium-low) {
                code-point alias-or-bit-string;
            }
        }
        import (default | user-defined);
    }
}


Hierarchy Level 


[edit class-of-service] 


Release Information 
Statement introduced in Junos OS Release 9.2 


Description 


Configure a user-defined behavior aggregate (BA) classifier. 


Options 
• classifier-name—User-defined name for the classifier.

• import (default | user-defined)—Specify the template to use to map any code points not explicitly mapped
in this configuration. For example, if the classifier is of type dscp and you specify import default, code
points you do not map in your configuration will use the predefined DSCP default mapping; if you specify
import mymap, for example, code points not mapped in the forwarding-class configuration would use
the mappings in a user-defined classifier named mymap.

• forwarding-class class-name—Specify the name of the forwarding class. You can use the default forwarding
class names or define new ones.

• loss-priority level—Specify a loss priority for this forwarding class: high, low, medium-high, medium-low.

• code-points (alias | bits)—Specify a code-point alias or the code points that map to this forwarding class.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration.


RELATED DOCUMENTATION


Understanding Interfaces | 29


| client-identifier (Interfaces)


Syntax 


client-identifier { 
(ascii string | hexadecimal string); 


} 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number family family-name dhcp] 


Release Information 
Statement introduced in Junos OS Release 9.2. 


Description 
Specify an ASCII or hexadecimal identifier for the Dynamic Host Configuration Protocol (DHCP) client. 
The DHCP server identifies a client by a client-identifier value. 


Options 
• ascii ascii—Identifier consisting of ASCII characters.
• hexadecimal hexadecimal—Identifier consisting of hexadecimal characters.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29

| code-points (CoS)

Syntax


code-points ([ aliases ] | [ bit-patterns ]);


Hierarchy Level 


[edit class-of-service classifiers type classifier-name forwarding-class class-name loss-priority level] 


Release Information 

Statement introduced before Junos OS Release 7.4. 

Statement introduced in Junos OS Release 9.2 for SRX Series devices. 

Statement introduced in Junos OS Release 11.1 for the QFX Series. 

Statement introduced in Junos OS Release 12.1X44 for the SRX Series. 

Statement introduced in Junos OS Release 14.1X53-D20 for the OCX Series. 

Statement introduced in Junos OS Release 14.2 for PTX Series Packet Transport Routers. 


Description 


Specify one or more DSCP code-point aliases or bit sets to apply to a forwarding class.


NOTE: OCX Series switches do not support MPLS, and therefore, do not support EXP code 
points or code point aliases. 


Options 


aliases—Name of the DSCP alias. 


bit-patterns—Value of the code-point bits, in six-bit binary form. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29 
Understanding How Behavior Aggregate Classifiers Prioritize Trusted Traffic 


Example: Configuring Behavior Aggregate Classifiers
Example: Configuring BA Classifiers on Transparent Mode Security Devices


| compression-device (Interfaces) 


Syntax 


compression-device name; 


Hierarchy Level 


[edit interfaces interface-name unit (Interfaces) logical-unit-number] 
Release Information 
Statement introduced in Junos OS Release 9.2. 


Description 


Specify the compression interface for voice services traffic. 


Options 


name—Name of the AC. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29

| credit (Interfaces)


Syntax 


credit {
    interval number;
}


Hierarchy Level 


[edit interfaces interface-name radio-router]


Release Information
Statement introduced in Junos OS Release 10.1. 


Description 
This parameter controls credit-based scheduling parameters and includes an interval option to set the 
grant rate interval to a value between 1-60 seconds. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29

data-rate


Syntax 


data-rate weight; 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number radio-router] 


Release Information 
Statement introduced in Release 10.2 of Junos OS. 


Description 


Configure the weight of the resource factor when calculating an effective data rate. 


Options 

weight—Factor used to calculate data rate. 
Range: 0 through 100
Default: 100 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring PPPoE-Based Radio-to-Router Protocols

| deactivation-delay


Syntax 


deactivation-delay seconds; 


Hierarchy Level 


[edit interfaces dln unit logical-unit-number dialer-options] 


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 
On J Series Services Routers with ISDN interfaces, configure the ISDN deactivation delay. Used only for 
dialer backup and dialer watch cases. 


Options 

seconds—Interval before the backup interface is deactivated after the primary interface has come up.
Range: 1 through 4,294,967,295 seconds
Default: 0 (zero)


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide

| disable (PoE)


Syntax 


disable; 


Hierarchy Level 


[edit poe interface (all | interface-name)]
[edit poe interface (all | interface-name) telemetries] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 

Disables the PoE capabilities of the port. If PoE capabilities are disabled for a port, the port operates as a
standard network access port. If the disable statement is specified after the telemetries statement, logging
of PoE power consumption for the port is disabled. To disable monitoring and retain the stored interval
and duration values for possible future use, specify the disable substatement in the telemetries
substanza. Similarly, to retain the port configuration but disable the PoE feature on the port, use
disable in the interface substanza.


Default 


The PoE capabilities are automatically enabled when a PoE interface is set. Specifying the telemetries 
statement enables monitoring of PoE per-port power consumption. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Example: Disabling a PoE Interface | 309

| dialer-options

Syntax


dialer-options {
    activation-delay seconds;
    callback;
    callback-wait-period time;
    deactivation-delay seconds;
    dial-string [ dial-string-numbers ];
    idle-timeout seconds;
    incoming-map {
        caller caller-number | accept-all;
    }
    initial-route-check seconds;
    load-interval seconds;
    load-threshold percent;
    pool pool-name;
    redial-delay time;
    self-recover-time
    watch-list {
        [ routes ];
    }
}


Hierarchy Level 


[edit interfaces umd0],
[edit interfaces dln unit logical-unit-number], 
[edit logical-systems logical-system-name interfaces dln unit logical-unit-number] 


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 


Specify the dialer options for configuring logical interfaces for group and user sessions. 
The remaining statements are explained separately. See CLI Explorer. 


You can use the new CLI option self-recover-time to configure the amount of time the cl interface waits 
to reconnect to a network after a disconnect occurs. In certain ISP networks, the modem disconnects and 
then reconnects after several seconds. The self-recover-time option provides enough time for the cl 
interface to reconnect instead of failing over to another cl interface immediately. If the reconnection 
attempt times out, then the connection fails over to another cl interface. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Services Interfaces Library for Routing Devices


| dialin 
Syntax 


dialin (console | routable); 


Hierarchy Level 


[edit interfaces umd0 modem-options]


Release Information 
Statement introduced in Junos OS Release 8.5. 


Description 
For J Series Services Routers, configure a USB modem port to act as a dial-in console or WAN backup 
port. 


Options 


console—Configure the USB modem port to operate as a dial-in console for management. 


routable—Configure the USB modem port to operate as a dial-in WAN backup interface. 


Default: console 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration.

| dial-string

Syntax


dial-string [ dial-string-numbers ]; 


Hierarchy Level 


[edit interfaces br-pim/0/port unit logical-unit-number dialer-options],
[edit logical-systems logical-system-name interfaces br-pim/0/port unit logical-unit-number dialer-options]


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 


On J Series Services Routers with ISDN interfaces, specify one or more ISDN dial strings used to reach a 
destination subnetwork. 


Options 


dial-string-numbers—One or more strings of numbers to call. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


None 


| dhcp (DHCP Client) 


Syntax (EX Series) 


dhcp {
    client-identifier duid-type (duid-ll | duid-llt | vendor);
    no-dns-install;
    rapid-commit;
    options name;
}


Syntax (SRX Series) 


dhcp {
    client-identifier {
        (ascii string | hexadecimal string);
    }
    force-discover;
    lease-time (length | infinite);
    metric;
    no-dns-install;
    options;
    requested-options;
    retransmission-attempt value;
    retransmission-interval seconds;
    server-address server-address;
    update-server;
    vendor-id vendor-id;
}


Hierarchy level (EX Series) 


[edit interfaces interface-name unit logical-unit-number family inet] 
[edit logical-systems name interfaces interface-name unit logical-unit-number family inet] 
[edit tenants tenant-name interfaces interface-name unit logical-unit-number family inet] 


Hierarchy level (SRX Series) 


[edit interfaces interface-name unit logical-unit-number family inet] 


Release Information 
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 9.2 for SRX Series devices.
The logical-systems and tenants options are introduced in Junos OS Release 18.4R1. 


Description 


Configure a Dynamic Host Configuration Protocol (DHCP) client for an IPv4 interface for logical systems 
and tenant systems. 


The remaining statements are described separately. 


NOTE: Starting in Junos OS Release 18.1R1, DHCPv4 and DHCPv6 clients are supported on
management interfaces (fxp0 and em0) configured in the non-default management routing
instance, mgmt_junos.


Options 


client-identifier duid-type—Identify a client by a client-identifier value. This statement is mandatory. 
no-dns-install—Configure the DHCPv6 client DNS information.

options—Specify options requested by the DHCPv4 client.

force-discover—Send DHCPDISCOVER after DHCPREQUEST retransmission failure.


lease-time—Specify the lease time, in seconds, requested in the DHCP client protocol packet (60 through
2,147,483,647 seconds for SRX devices).


metric—Client-initiated default-route metric (0 through 255 for SRX Series devices).
requested-options—Specify the DHCP options.


The remaining statements are explained separately. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces
Configuring a DHCP Client


| duration (PoE)


Syntax 


duration hours; 


Hierarchy Level 


[edit poe interface (all | interface-name) telemetries] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 
Modifies the duration for which telemetry records are stored. If telemetry logging continues beyond the 
specified duration, the older records are discarded one by one as new records are collected. 


Options 

hours—Hours for which telemetry data should be retained.
Range: 1 through 24 hours 
Default: 1 hour 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Example: Configuring PoE on All Interfaces


family inet (Interfaces)


Syntax 


inet {
    accounting {
        destination-class-usage;
        source-class-usage {
            input;
            output;
        }
    }
    address (source-address/prefix) {
        arp destination-address {
            (mac mac-address | multicast-mac multicast-mac-address);
            publish publish-address;
        }
        broadcast address;
        preferred;
        primary;
        vrrp-group group-id {
            (accept-data | no-accept-data);
            advertise-interval seconds;
            advertisements-threshold number;
            authentication-key key-value;
            authentication-type (md5 | simple);
            fast-interval milliseconds;
            inet6-advertise-interval milliseconds;
            (preempt <hold-time seconds> | no-preempt);
            priority value;
            track {
                interface interface-name {
                    bandwidth-threshold bandwidth;
                    priority-cost value;
                }
                priority-hold-time seconds;
                route route-address {
                    routing-instance routing-instance;
                    priority-cost value;
                }
            }
            virtual-address [address];
            virtual-link-local-address address;
            vrrp-inherit-from {
                active-group value;
                active-interface interface-name;
            }
        }
        web-authentication {
            http;
            https;
            redirect-to-https;
        }
    }
    dhcp {
        client-identifier {
            (ascii string | hexadecimal string);
        }
        lease-time (length | infinite);
        retransmission-attempt value;
        retransmission-interval seconds;
        server-address server-address;
        update-server;
        vendor-id vendor-id;
    }
    dhcp-client {
        client-identifier {
            prefix {
                host-name;
                logical-system-name;
                routing-instance-name;
            }
            use-interface-description (device | logical);
            user-id (ascii string | hexadecimal string);
        }
        lease-time (length | infinite);
        retransmission-attempt value;
        retransmission-interval seconds;
        server-address server-address;
        update-server;
        vendor-id vendor-id;
    }
    filter {
        group number;
        input filter-name;
        input-list [filter-name];
        output filter-name;
        output-list [filter-name];
    }
    mtu value;
    no-neighbor-learn;
    no-redirects;
    policer {
        arp arp-name;
        input input-name;
        output output-name;
    }
    primary;
    rpf-check {
        fail-filter filter-name;
        mode {
            loose;
        }
    }
    sampling {
        input;
        output;
        simple-filter;
    }
    targeted-broadcast {
        (forward-and-send-to-re | forward-only);
    }
    unnumbered-address {
        interface-name;
        preferred-source-address preferred-source-address;
    }
}

Hierarchy Level 


[edit interfaces interface unit unit ] 


Release Information 


Statement supported in Junos 10.2 for SRX Series devices. 


Description 


Assign an IP address to a logical interface. 


Options


ipaddress—Specify the IP address for the interface. The remaining statements are explained separately. 


NOTE: You use family inet to assign an IPv4 address. You use family inet6 to assign an IPv6
address. An interface can be configured with both an IPv4 and IPv6 address.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces


family inet6


Syntax 


inet6 {
    accounting {
        destination-class-usage;
        source-class-usage {
            input;
            output;
        }
    }
    address source-address/prefix {
        eui-64;
        ndp address {
            (mac mac-address | multicast-mac multicast-mac-address);
            publish;
        }
        preferred;
        primary;
        vrrp-inet6-group group_id {
            (accept-data | no-accept-data);
            advertisements-threshold number;
            authentication-key value;
            authentication-type (md5 | simple);
            fast-interval milliseconds;
            inet6-advertise-interval milliseconds;
            (preempt <hold-time seconds> | no-preempt);
            priority value;
            track {
                interface interface-name {
                    bandwidth-threshold value;
                    priority-cost value;
                }
                priority-hold-time seconds;
                route route-address {
                    routing-instance routing-instance;
                }
            }
            virtual-inet6-address [address];
            virtual-link-local-address address;
            vrrp-inherit-from {
                active-group value;
                active-interface interface-name;
            }
        }
        web-authentication {
            http;
            https;
            redirect-to-https;
        }
    }
    (dad-disable | no-dad-disable);
    dhcpv6-client {
        client-ia-type (ia-na | ia-pd);
        client-identifier duid-type (duid-ll | duid-llt | vendor);
        client-type (autoconfig | stateful);
        rapid-commit;
        req-option (dns-server | domain | fqdn | nis-domain | nis-server | ntp-server | sip-domain | sip-server | time-zone | vendor-spec);
        retransmission-attempt number;
        update-router-advertisement {
            interface interface-name;
        }
        update-server;
    }
    filter {
        group number;
        input filter-name;
        input-list [filter-name];
        output filter-name;
        output-list [filter-name];
    }
    mtu value;
    nd6-stale-time seconds;
    no-neighbor-learn;
    policer {
        input input-name;
        output output-name;
    }
    rpf-check {
        fail-filter filter-name;
        mode {
            loose;
        }
    }
    sampling {
        input;
        output;
    }
    unnumbered-address {
        interface-name;
        preferred-source-address preferred-source-address;
    }
    ndp-proxy | dad-proxy {
        interface-restricted;
    }
}


Hierarchy Level 


[edit interfaces interface unit unit ] 


Release Information 
Statement supported in Junos 10.2 for SRX Series devices. 


Description 


Assign an IPv6 address to a logical interface.


Options


ipaddress—Specify the IP address for the interface. The remaining statements are explained separately.


NOTE: You use family inet6 to assign an IPv6 address. You use family inet to assign an IPv4
address. An interface can be configured with both an IPv4 and IPv6 address.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces


| flag (Interfaces)


Syntax 


flag 


Hierarchy Level 


[edit interfaces interface-name traceoptions] 


Release Information 
Statement introduced in Junos OS Release 10.1. 


Description 


Define tracing operations for individual interfaces. To specify more than one tracing operation, include
multiple flag statements.


Options 


all—Enable all interface trace flags. 

event—Trace interface events.

cache—Enable interface flags for Web filtering cache maintained on the routing table. 
enhanced—Enable interface flags for processing through Enhanced Web Filtering. 
ipc—Trace interface IPC messages. 

media—Trace interface media changes. 

critical—Trace critical events. 


major—Trace major events. 


NOTE:
• MTU is limited to 1518 on this interface.
• Cache and enhanced options are applicable only to Enhanced Web Filtering.


Required Privilege Level 
interface—To view this statement in the configuration. 


interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces


| flexible-vlan-tagging (Interfaces) 


Syntax 


flexible-vlan-tagging; 


Hierarchy Level 


[edit interfaces interface]


Release Information 
Statement introduced in Junos OS Release 12.1X44-D10. 


Description 


Simultaneously supports transmission of 802.1Q VLAN single-tag and dual-tag frames on logical interfaces 
on the same Ethernet port. 


NOTE: The flexible-vlan-tagging statement is supported only with either no encapsulation or VPLS VLAN
encapsulation.


Options 
native-vlan-id—Configures a VLAN identifier for single-tag frames, dual-tag frames, or a mixture of single-tag 
and dual-tag frames. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring VLAN Tagging


flow-control (Interfaces)


Syntax 


(flow-control | no-flow-control); 


Hierarchy Level 


[edit interfaces interface-name fastether-options] 
[edit interfaces interface-name gigether-options] 
[edit interfaces interface-name redundant-ether-options] 


Release Information 
Statement modified in Junos OS Release 9.2. 


Description 
For Fast Ethernet, Gigabit Ethernet, and redundant Ethernet interfaces, flow control regulates the flow of 
packets from the device to the remote side of the connection. 


Default 


Flow control is the default behavior for Fast Ethernet and Gigabit Ethernet interfaces. Flow control is
disabled by default for redundant Ethernet interfaces.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces


| flow-monitoring (Services)


Syntax 


flow-monitoring {
    version9 {
        template template-name {
            flow-active-timeout seconds;
            flow-inactive-timeout seconds;
            ipv4-template;
            ipv6-template;
            option-refresh-rate {
                packets packets;
                seconds seconds;
            }
            template-refresh-rate {
                packets packets;
                seconds seconds;
            }
        }
    }
}

Hierarchy Level 


[edit services] 
Release Information 
Statement introduced in Junos OS Release 10.4. 


Description 


Configure flow monitoring. 


Options 


version9—Version 9 configuration. 


Required Privilege Level 
services—To view this statement in the configuration. 
services-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces


| forwarding-classes (CoS)


List of Syntax 
SRX Series
M320, MX Series, T Series, EX Series, PTX Series


SRX Series 


forwarding-classes {
    class class-name {
        priority (high | low);
        queue-num number;
        spu-priority (high | low | medium);
    }
    queue queue-number {
        class-name {
            priority (high | low);
        }
    }
}


M320, MX Series, T Series, EX Series, PTX Series 


forwarding-classes {
    class queue-num queue-number priority (high | low);
    queue queue-number class-name priority (high | low) [ policing-priority (premium | normal) ];
}


Hierarchy Level 


[edit class-of-service] 


Release Information 

Statement introduced before Junos OS Release 7.4. 

Statement introduced in Junos OS Release 8.5. 

policing-priority option introduced in Junos OS Release 9.5. 

Statement updated in Junos OS Release 11.4. 

The spu-priority option introduced in Junos OS Release 11.4R2. 

Statement introduced on PTX Series Packet Transport Routers in Junos OS Release 12.1. 

Change from 2 to 4 queues was made in Junos OS Release 12.3X48-D40 and in Junos OS Release 
15.1X49-D70. 

medium-high and medium-low priorities for spu-priority are deprecated and medium priority is added in 
Junos OS Release 19.1R1. 


Description 


Command used to associate forwarding classes with class names and queues with queue numbers. 


All traffic traversing the SRX Series device is passed to an SPC to have service processing applied. Junos
OS provides a configuration option to enable packets with specific Differentiated Services (DiffServ) code
points (DSCP) precedence bits to enter a high-priority, medium-priority, or low-priority queue on the SPC.
The Services Processing Unit (SPU) draws packets from the highest-priority queue first, then from the
medium-priority queue, and last from the low-priority queue. Queue processing is weight-based, not
strict-priority-based. This feature can reduce overall latency for real-time traffic, such as voice traffic.


Initially, the spu-priority queue options were "high" and "low". Then, these options (depending on the 
devices) were expanded to "high", "medium-high", "medium-low", and "low". The two middle options 
("medium-high" and "medium-low") have now been deprecated (again, depending on the devices) and 
replaced with "medium". So, the available options for spu-priority queue are "high", "medium", and "low". 


We recommend that the high-priority queue be selected for real-time and high-value traffic. The other 
options would be selected based on user judgement on the value or sensitivity of the traffic. 


For M320, MX Series, T Series routers and EX Series switches only, you can configure fabric priority 
queuing by including the priority statement. For Enhanced IQ PICs, you can include the policing-priority 
option. 


NOTE: The priority and policing-priority options are not supported on PTX Series Packet 
Transport Routers. 


Options
• class class-name—Displays the forwarding class name assigned to the internal queue number.


NOTE: This option is supported only on SRX5400, SRX5600, and SRX5800.


NOTE: AppQoS forwarding classes must be different from those defined for interface-based
rewriters.


• priority—Fabric priority value:
  • high—Forwarding class’ fabric queuing has high priority.
  • low—Forwarding class’ fabric queuing has low priority.
  The default priority is low.
• queue queue-number—Specify the internal queue number to which a forwarding class is assigned.


• spu-priority—Services Processing Unit (SPU) priority queue: high, medium, or low. The default spu-priority
is low.


NOTE: The spu-priority option is supported only on SRX5000 line devices.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Example: Configuring AppQoS
Configuring a Custom Forwarding Class for Each Queue
Forwarding Classes and Fabric Priority Queues
Configuring Hierarchical Layer 2 Policers on IQE PICs
Classifying Packets by Egress Interface


| fpc (Interfaces)


Syntax 


fpc slot-number ; 


Hierarchy Level 


[edit interfaces pic-set pic-set-name] 


Release Information 
Command introduced in Junos OS Release 9.6. 


Description 
Sets the PIC bundle and the FPC slot. 


The pic-set bundles all the PICs and corresponding logical interfaces. A PIC can join only one pic-bundle;
it cannot join multiple pic-bundles at the same time. When the pic-set configuration changes, all the logical
interfaces related to the PIC should be synchronized to all member IOCs.


Options 
• apply-groups—Inherit configuration data from these groups.
• apply-groups-except—Do not inherit configuration data from these groups.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces
interface (PIC Bundle)


| gratuitous-arp-reply


Syntax


(gratuitous-arp-reply | no-gratuitous-arp-reply); 


Hierarchy Level 


[edit interfaces interface-name] 
[edit interfaces interface-range interface-range-name] 


Release Information 

Statement introduced before Junos OS Release 7.4. 

Statement introduced in Junos OS Release 9.0 in EX Series switches. 

Statement introduced in Junos OS Release 12.2 for ACX Series Universal Metro Routers. 


Description 


For Ethernet interfaces, enable updating of the Address Resolution Protocol (ARP) cache for gratuitous 
ARPs. 


Default 
Updating of the ARP cache is disabled on all Ethernet interfaces. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring Gratuitous ARP 


no-gratuitous-arp-request 


| gsm-options


Syntax


gsm-options {
    select-profile profile-name;
    profiles {
        profile-name {
            sip-user-id simple-ip-user-id;
            sip-password simple-ip-password;
            access-point-name apn;
            authentication-method (pap | chap | none);
        }
    }
}


Hierarchy Level 


[edit interfaces interface-name cellular-options] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 
Configure the 3G wireless modem interface to establish a data call with a Global System for Mobile 
Communications (GSM) cellular network. 


Options 


The remaining statements are explained separately. See CLI Explorer. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


| guard-band (PoE)


Syntax 


guard-band watts; 


Hierarchy Level 


[edit poe] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 


Reserves the specified amount of power for the SRX Series device in case of a spike in PoE consumption. 


Options 

watts—Amount of power to be reserved for the SRX Series device in case of a spike in PoE consumption. 
Range: 0 through 19 W
Default: 0 W


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Power over Ethernet


| hold-time (Redundant Ethernet Interfaces)


Syntax 


hold-time (up | down) timer 


Hierarchy Level 


[edit interfaces interface-name]


Release Information 
Statement introduced in Junos OS Release 18.4R1 for the SRX Series. 


Description 

The hold timer enables interface damping by not advertising interface transitions until the hold timer 
duration has passed. When a hold-down timer is configured for a parent RETH interface and the primary 
child interface goes from up to down, the down hold-time timer is triggered. Every interface transition 
that occurs during the down hold-time is ignored. When the timer expires and the primary child interface 
state is still down, then the router begins to advertise the parent RETH interface as being down. Similarly, 
when a hold-up timer is configured for a parent RETH interface and the primary child interface goes from 
down to up, the up hold-time timer is triggered. Every interface transition that occurs during the up 
hold-time is ignored. When the timer expires and the primary child interface state is still up, then the router 
begins to advertise the parent RETH interface as being up. 


The hold timer (both up and down) improves the flexibility and resilience of SRX devices. Specify the timer 
value in seconds to reduce unnecessary loss of traffic and downtime. 


NOTE: Starting in Junos OS Release 18.4R1, all SRX devices have a default delay timer of 11
seconds for both up hold-time and down hold-time.
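
The damping behaviour described above can be checked with a small simulation. This is an added example, not Juniper code: the function name, the event-list format, and the constructed link traces are assumptions made for illustration, and only the timer rules stated in the description are modelled.

```python
"""Added illustration of RETH hold-time damping (a model, not Junos code)."""

DEFAULT_HOLD_SECONDS = 11  # default delay the page gives for Junos OS 18.4R1 and later


def advertised_transitions(events, up_hold=DEFAULT_HOLD_SECONDS,
                           down_hold=DEFAULT_HOLD_SECONDS, initial="up"):
    """Return the (time, state) points at which the parent RETH state is advertised.

    events: time-ordered (seconds, state) changes of the primary child
    interface, state being "up" or "down" (hypothetical representation).
    """
    hold = {"up": up_hold, "down": down_hold}
    if initial not in hold:
        raise ValueError("initial state must be 'up' or 'down'")

    advertised = initial  # state currently advertised for the parent RETH
    child = initial       # actual state of the primary child interface
    timer = None          # (expiry_time, target_state) while a hold timer runs
    out = []
    last_t = None

    def expire(now):
        """Fire the running hold timer if it is due at or before `now`."""
        nonlocal advertised, timer
        if timer is not None and timer[0] <= now:
            expiry, target = timer
            timer = None
            # Advertise only if the child is still in the state that
            # started the timer; otherwise the flap has been absorbed.
            if child == target:
                advertised = target
                out.append((expiry, target))

    for t, state in events:
        if state not in hold:
            raise ValueError("unknown interface state: %r" % (state,))
        if last_t is not None and t < last_t:
            raise ValueError("events must be ordered by time")
        last_t = t

        expire(t)
        child = state
        # A transition away from the advertised state starts the matching
        # hold timer. Transitions while a timer runs are ignored: they
        # update `child` but never restart or cancel the timer.
        if timer is None and child != advertised:
            timer = (t + hold[child], child)

    expire(float("inf"))  # let a still-running timer expire after the trace
    return out


# Constructed traces (seconds, state) for the primary child interface.
FLAP = [(0, "down"), (2, "up"), (4, "down"), (6, "up")]
OUTAGE = [(100, "down"), (103, "up"), (105, "down"), (160, "up")]

if __name__ == "__main__":
    for name, trace in (("flap", FLAP), ("outage", OUTAGE)):
        print(name, "damped:  ", advertised_transitions(trace))
        print(name, "undamped:", advertised_transitions(trace, up_hold=0, down_hold=0))
```

With the default timers the short flap produces no advertisement at all, while the same trace with both timers set to 0 advertises every transition.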


Options 


down seconds—Hold time to use when an interface transitions from up to down. 


up seconds—Hold time to use when an interface transitions from down to up. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


Related topics


Physical Interface Damping Overview
hold-time


| hub-assist 


Syntax 


hub-assist weight; 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number radio-router] 


Release Information 
Statement introduced in Junos OS Release 10.2. 


Description 


Configure the weight of the resource factor when calculating an effective interface bandwidth. 


Options 

weight—Factor used to calculate interface bandwidth. 
Range: 0 through 100
Default: 100 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring PPPoE-Based Radio-to-Router Protocols 


| idle-timeout


Syntax 


idle-timeout seconds; 


Hierarchy Level 


[edit interfaces dln unit logical-unit-number dialer-options] 


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 
On J Series Services Routers with ISDN interfaces, configure the number of seconds the link is idle before
losing connectivity.


Options 
seconds—Time for which the connection can remain idle. For interfaces configured to use a filter for traffic, 
the idle timeout is based on traffic. 

Range: 1 through 429497295 

Default: 120 seconds 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide 


| incoming-map 
Syntax 


incoming-map {
    caller caller-number | accept-all;
}


Hierarchy Level 


[edit interfaces dln unit logical-unit-number dialer-options], 
[edit logical-systems logical-system-name interfaces dln unit logical-unit-number dialer-options] 


Release Information 
Statement introduced in Junos OS Release 7.5. 


Description 
On J Series Services Routers with interfaces configured for ISDN, specify the dialer to accept incoming
calls.


The remaining statements are explained separately. See CLI Explorer.


NOTE: The incoming-map statement is mandatory for the router to accept any incoming ISDN
calls.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide 


| initial-route-check 


Syntax 


initial-route-check seconds; 


Hierarchy Level 


[edit interfaces dln unit logical-unit-number dialer-options] 


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 
On J Series Services Routers with ISDN interfaces, allows the router to check whether the primary route 
is up after the initial startup of the router is complete and the timer expires. 


Options 

seconds—How long to wait to check if the primary interface is up after the router comes up. 
Range: 1 through 300 seconds 
Default: 120 seconds 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


ISDN Interfaces Overview 


Junos OS Interfaces and Routing Configuration Guide 


| inline-jflow (Forwarding Options)


Syntax


inline-jflow {
    flow-export-rate number;
    source-address ip-address;
}

Hierarchy Level 


[edit forwarding-options sampling instance instance-name family inet output]
[edit forwarding-options sampling instance instance-name family inet6 output]


Release Information 
Statement introduced in Junos OS Release 10.4. Support for family inet6 added in Junos OS Release 
12.1X45-D10. 


Description 


Specify inline processing of sampled packets.


Options 
• flow-export-rate value—Flow export rate of monitored packets in kpps. The range is from 1 through
400.
• source-address address—Address to use for generating monitored packets.


Required Privilege Level 
services—To view this statement in the configuration. 
services-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces


| interface (PIC Bundle)


Syntax 


interface interface-name; 


Hierarchy Level 


[edit interfaces pic-set pic-set-name] 
Release Information 
Command introduced in Junos OS Release 9.6. 


Description 
Sets the PIC bundle and the interface. 


Options 
• apply-groups- Groups from which to inherit configuration data.
• apply-groups-except- Do not inherit configuration data from these groups.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces


| interface (PoE)


Syntax 


interface (all | interface-name) {
    disable;
    maximum-power watts;
    priority (high | low);
    telemetries {
        disable;
        duration hours;
        interval minutes;
    }
}


Hierarchy Level 


[edit poe] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 
Enable a PoE interface for a PoE port. The PoE interface must be enabled in order for the port to provide 
power to a connected powered device. 


Default 
The PoE interface is enabled by default.


Options
• all—Apply the configuration to all interfaces on the SRX Series device that have not been explicitly
configured otherwise.
• interface-name—Explicitly configure a specific interface.


The remaining statements are explained separately. See CLI Explorer. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Power over Ethernet


interfaces (CoS)


Syntax 


interfaces {
    interface-name {
        input-scheduler-map map-name;
        input-shaping-rate rate;
        scheduler-map map-name;
        scheduler-map-chassis map-name;
        shaping-rate rate;
        unit logical-unit-number {
            adaptive-shaper adaptive-shaper-name;
            classifiers {
                (dscp | dscp-ipv6 | exp | ieee-802.1 | inet-precedence) (classifier-name | default);
            }
            forwarding-class class-name;
            fragmentation-map map-name;
            input-scheduler-map map-name;
            input-shaping-rate (percent percentage | rate);
            input-traffic-control-profile profiler-name shared-instance instance-name;
            loss-priority-maps {
                default;
                map-name;
            }
            output-traffic-control-profile profile-name shared-instance instance-name;
            rewrite-rules {
                dscp (rewrite-name | default);
                dscp-ipv6 (rewrite-name | default);
                exp (rewrite-name | default) protocol protocol-types;
                frame-relay-de (rewrite-name | default);
                inet-precedence (rewrite-name | default);
            }
            scheduler-map map-name;
            shaping-rate rate;
            virtual-channel-group group-name;
        }
    }
}


Hierarchy Level 


[edit class-of-service interface interface-name unit number] 


Release Information 
Statement introduced in Junos OS Release 8.5. 


Description 


Associate the class-of-service configuration elements with an interface. 


Options 


interface interface-name unit number—The user-specified interface name and unit number. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Class of Service User Guide (Security Devices) 


| interval (Interfaces)


Syntax 


interval seconds; 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number radio-router credit] 


Release Information 
Statement introduced in Release 10.1 of Junos OS. 


Description 


Configure how frequently the router generates credit announcement messages.


Options 

seconds—Interval between PADG credit announcements for each session. 
Range: 0 through 60
Default: 1 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring PPPoE-Based Radio-to-Router Protocols 


| interval (PoE)


Syntax 


interval minutes; 


Hierarchy Level 


[edit poe interface (all | interface-name) telemetries] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 
Modifies the interval for logging telemetries if you are monitoring the per-port power consumption for 
PoE interfaces. 


Options 
minutes—Interval at which data is logged. 
Range: 1 through 30 minutes 


Default: 5 minutes 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces


| isdn-options 
Syntax 


isdn-options {
    bchannel-allocation (ascending | descending);
    calling-number number;
    incoming-called-number number <reject>;
    spid1 spid-string;
    spid2 spid-string;
    static-tei-val value;
    switch-type (att5e | etsi | ni1 | ntdms100 | ntt);
    t310 seconds;
    tei-option (first-call | power-up);
}


Hierarchy Level 


[edit interfaces br-pim/0/port],
[edit interfaces ct1-pim/0/port],
[edit interfaces ce1-pim/0/port] 


Release Information 
Statement introduced before Junos OS Release 7.4. 
bchannel-allocation option added in Junos OS Release 8.3. 


Description 
For J Series Services Routers only. Specify the ISDN options for configuring ISDN interfaces for group and
user sessions.


The remaining statements are explained separately. See CLI Explorer. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring ISDN Physical Interface Properties 
Allocating B-Channels for Dialout 


Junos OS Interfaces and Routing Configuration Guide 


| ipv4-template (Services)
Syntax 


ipv4-template; 


Hierarchy Level 


[edit services flow-monitoring version9 template template-name] 
Release Information 
Statement introduced in Junos OS Release 10.4. 


Description 


Specify that the flow monitoring version 9 template is used only for IPv4 records. 


Required Privilege Level 
services—To view this in the configuration. 
services-control—To add this to the configuration. 


RELATED DOCUMENTATION 


Understanding Traffic Processing on Security Devices 


Understanding Interfaces


| ipv6-template (Services)
Syntax 


ipv6-template; 


Hierarchy Level 


[edit services flow-monitoring version9 template template-name] 
Release Information 


Statement introduced in Junos OS Release 12.1X45-D10. 


Description 


Specify that the flow monitoring version 9 template is used only for IPv6 records. 


Required Privilege Level 
services—To view this in the configuration. 
services-control—To add this to the configuration. 


RELATED DOCUMENTATION 


Understanding Traffic Processing on Security Devices 


Understanding Interfaces | 29 
| lacp (Interfaces) 


Syntax 


lacp { 
    (active | passive); 
    periodic (fast | slow); 
} 


Hierarchy Level 


[edit interfaces interface-name redundant-ether-options] 


Release Information 
Statement introduced in Junos OS Release 10.2. 


Description 


For redundant Ethernet interfaces in a chassis cluster only, configure Link Aggregation Control Protocol 
(LACP). 


Options 

• active—Initiate transmission of LACP packets. 

• passive—Respond to LACP packets. 

• periodic—Interval for periodic transmission of LACP packets. The options are: 
  • fast—Transmit link aggregation control PDUs every second. 
  • slow—Transmit link aggregation control PDUs every 30 seconds. 

Default: If you do not specify lacp as either active or passive, LACP remains off (the default). 

The remaining statements are explained separately. See CLI Explorer. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding LACP on Standalone Devices | 236 
periodic (Interfaces) | 679 
| latency (Interfaces) 


Syntax 


latency number; 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number radio-router] 
Release Information 
Statement introduced in Junos OS Release 10.1. 


Description 


This option controls the latency weight (value 0-100). 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


PPPoE-Based Radio-to-Router Protocols Overview 
lease-time 


Syntax 


lease-time (length | infinite); 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number family inet dhcp] 


Release Information 

Statement introduced in Junos OS Release 9.0 for EX Series switches. 
Statement introduced in Junos OS Release 9.2 for SRX Series devices. 
Statement introduced in Junos OS Release 14.1X53-D20 for the OCX Series. 


Description 
Request a specific lease time for the IP address. The lease time is the length of time in seconds that a client 
holds the lease for an IP address assigned by a DHCP server. 


Default 
If no lease time is requested by the client, then the server sends the lease time. The default lease time on a 
Junos OS DHCP server is one day. 


Options 
seconds—Request a lease time of a specific duration. 
Range: 60 through 2147483647 seconds 


infinite—Request that the lease never expire. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


DHCP Client 
DHCPv6 Client 
| line-rate (Interfaces) 


Syntax 


line-rate 


Hierarchy Level 


[edit interfaces interface-name shdsl-options] 


Release Information 
Command introduced in Junos OS Release 10.0. 


Description 


Specify a line rate for a G.SHDSL interface. 


Options 
• auto—Automatically selects a line rate. 

• value—Select a value between 192 kbps and 22784 kbps for the speed of transmission of data on 
the G.SHDSL connection. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Example: Configuring the G.SHDSL Interface on SRX Series Devices 
link-speed (Interfaces) 


Syntax 


link-speed speed; 


Hierarchy Level 


[edit interfaces interface-name redundant-ether-options] 
Release Information 
Statement modified in Release 9.0 of Junos OS. 


Description 


For redundant Ethernet interfaces in a chassis cluster only, set the required link speed. 


Options 
speed —For redundant Ethernet links, you can specify speed in bits per second either as a complete decimal 
number or as a decimal number followed by the abbreviation k (1000), m (1,000,000), or g (1,000,000,000). 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces Configuration Guide for Security Devices 
| load-interval 


Syntax 


load-interval seconds; 


Hierarchy Level 


[edit interfaces dln unit logical-unit-number dialer-options], 
[edit logical-systems logical-system-name interfaces dln unit logical-unit-number dialer-options] 


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 
On J Series Services Routers with ISDN logical interfaces, specify the interval used to calculate the average 
load on the network. By default, the average interface load is calculated every 60 seconds. 


Options 

seconds—Number of seconds at which the average load calculation is triggered. 
Range: 20 through 180, in 10-second intervals 
Default: 60 seconds 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide 
| load-threshold 


Syntax 


load-threshold percent; 


Hierarchy Level 


[edit interfaces dln unit logical-unit-number dialer-options], 
[edit logical-systems logical-system-name interfaces dln unit logical-unit-number dialer-options] 


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 

On J Series Services Routers with ISDN logical interfaces, specify the bandwidth threshold percentage 
used for adding interfaces. Another link is added to the multilink bundle when the load reaches the threshold 
value you set. Specify a percentage between 0 and 100. 


Options 
percent—Bandwidth threshold percentage used for adding interfaces. When set to 0, all available channels 
are dialed. 

Range: 0 through 100 seconds 

Default: 100 seconds 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide 
| loopback (Aggregated Ethernet, Fast Ethernet, and Gigabit Ethernet) 
Syntax 


(loopback | no-loopback); 


Hierarchy Level 


[edit interfaces interface-name aggregated-ether-options], 
[edit interfaces interface-name ether-options], 

[edit interfaces interface-name fastether-options], 

[edit interfaces interface-name gigether-options], 

[edit interfaces interface-range name ether-options] 


For QFX Series and EX Series: 


[edit interfaces interface-name aggregated-ether-options], 
[edit interfaces interface-name ether-options], 


For SRX Series Devices and vSRX: 


[edit interfaces interface-name redundant-ether-options] 


Release Information 

Statement introduced before Junos OS Release 7.4 for MX Series. 

Statement introduced in Junos OS Release 9.0 for EX Series switches. 

Statement introduced in Junos OS Release 12.2 for ACX Series Universal Metro Routers. 
Statement introduced in Junos OS Release 11.1 for the QFX Series. 

Statement introduced in Junos OS Release 14.1X53-D20 for the OCX Series. 

Statement modified in Junos OS Release 9.2 for the SRX Series. 


Description 
For aggregated Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet interfaces, enable or 
disable loopback mode. 
NOTE: 
• By default, local aggregated Ethernet, Fast Ethernet, Tri-Rate Ethernet copper, Gigabit Ethernet, 
and 10-Gigabit Ethernet interfaces connect to a remote system. 

• IPv6 Neighbor Discovery Protocol (NDP) addresses are not supported on Gigabit Ethernet 
interfaces when loopback mode is enabled on the interface. That is, if the loopback statement 
is configured at the [edit interfaces ge-fpc/pic/port gigether-options] hierarchy level, an NDP 
address cannot be configured at the [edit interfaces ge-fpc/pic/port unit logical-unit-number 
family inet6 address] hierarchy level. 


Default 
By default, loopback is disabled. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring Ethernet Loopback Capability 
Understanding Interfaces | 29 
| loss-priority (CoS Loss Priority) 


Syntax 


loss-priority level code-points [values ]; 


Hierarchy Level 


[edit class-of-service loss-priority-maps frame-relay-de map-name] 


Release Information 
Statement introduced in Junos OS Release 9.2. 


Description 

Map CoS values to a packet loss priority (PLP). In Junos OS, classifiers associate incoming packets with a 
forwarding class (FC) and PLP. PLPs allow you to set the priority for dropping packets. Typically, you mark 
packets exceeding some service level with a high loss priority—that is, a greater likelihood of being dropped. 


Options 

level can be one of the following: 

• high—Packet has high loss priority. 

• medium-high—Packet has medium-high loss priority. 

• medium-low—Packet has medium-low loss priority. 

• low—Packet has low loss priority. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29 


Understanding Packet Loss Priorities 
| loss-priority (CoS Rewrite Rules) 


Syntax 


loss-priority level; 


Hierarchy Level 


[edit class-of-service rewrite-rules type rewrite-name forwarding-class class-name] 


Release Information 
Statement introduced in Junos OS Release 9.2. 


Description 

Specify a loss priority to which to apply a rewrite rule. The rewrite rule sets the code-point aliases and bit 
patterns for a specific forwarding class and packet loss priority (PLP). The inputs for the map are the 
forwarding class and the PLP. The output of the map is the code-point alias or bit pattern. 


Options 

level can be one of the following: 

• high—The rewrite rule applies to packets with high loss priority. 

• low—The rewrite rule applies to packets with low loss priority. 

• medium-high—The rewrite rule applies to packets with medium-high loss priority. 

• medium-low—The rewrite rule applies to packets with medium-low loss priority. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Class of Service User Guide (Security Devices) 
| loss-priority-maps (CoS Interfaces) 


Syntax 


loss-priority-maps { 
    frame-relay-de (map-name | default); 
} 


Hierarchy Level 


[edit class-of-service interfaces interface-name unit logical-unit-number] 
Release Information 
Statement introduced in Junos OS Release 9.2. 


Description 


Assign the loss priority map to a logical interface. 


Options 
• default—Apply default loss priority map. The default map contains the following: 

    loss-priority low code-point 0; 
    loss-priority high code-point 1; 

• map-name—Name of loss priority map to be applied. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29 
| loss-priority-maps (CoS) 
Syntax 


loss-priority-maps { 
    frame-relay-de loss-priority-map-name { 
        loss-priority (high | low | medium-high | medium-low) { 
            code-points [bit-string]; 
        } 
    } 
} 


Hierarchy Level 


[edit class-of-service] 
Release Information 
Statement introduced in Junos OS Release 9.2. 


Description 


Map the loss priority of incoming packets based on CoS values. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29 
| management (PoE) 


Syntax 


management (class | static); 


Hierarchy Level 


[edit poe] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 


Designates how the SRX Series device allocates power to the PoE ports. 


Default 


static 


Options 
• static—When a powered device is connected to a PoE port, the power allocated to it is equal to the 
maximum power configured for the port. 

• class—When a powered device is connected to a PoE port, the power allocated to it is equal to the 
maximum power for the class as defined by the IEEE 802.3af standard. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Example: Configuring PoE on All Interfaces | 306 
| maximum-power (PoE) 


Syntax 


maximum-power watts; 


Hierarchy Level 


[edit poe interface (all | interface-name)] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 


Maximum amount of power that can be supplied to the port. 


Default 
15.4W 


Options 


Watts—The maximum number of watts that can be supplied to the port. 
Range—0 through 15.4 


Default—15.4 W 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Example: Configuring PoE on All Interfaces | 306 
| mdi-mode 
Syntax 


mdi-mode mode; 


Hierarchy Level 


[edit interfaces interface-name ether-options] 
[edit interfaces interface-range range ether-options] 


Release Information 
Statement introduced in Junos OS Release 12.2 for EX Series switches. 
Support for SRX Series devices introduced in Junos OS Release 15.1x49.D80. 


Description 
You must configure media dependent interface (MDI) properties for a 10-Gigabit Ethernet interface on a 
copper network port of an EX4550 switch to ensure that both sides of the link are compatible. 


MDI refers to the IEEE standard for the interface to an unshielded twisted pair (UTP) cable. Twisted-pair 
Ethernet standards are such that the majority of cables can be wired "straight-through" (pin 1 to pin 1, pin 
2 to pin 2 and so on), but others may need to be wired in the "crossover" form (receive to transmit and 
transmit to receive). 


For most ports, the switch can automatically detect the required connection type and can therefore 
configure the interface appropriately. However, the switch cannot automatically detect whether the 
connection type of a 10-Gigabit Ethernet interface on a copper network port is straight-through or crossover. 


Therefore, you must set the MDI properties of the local interface of a 10-Gigabit Ethernet interface on a 
copper network port to ensure that it will work correctly with the other side of the link. When you set this 
configuration on an interface, you must also disable auto-negotiation and set the speed to 100m. 


NOTE: This configuration does not apply to management Ethernet or console interfaces and it 
does not apply to 1-Gigabit copper ports. 


The proper setting depends both on the type of cable and the setting that is being used on the other side 
of the link: 


• For crossover cables—Set the polarity to match the other side of the link. Specify mdi for the switch 
interface if mdi is being used on the other side of the link; specify mdix if mdix is being used on the other 
side of the link. 

• For straight cables—Set the polarity to be the opposite of the other side of the link. Specify mdi for the switch 
interface if mdix is being used on the other side of the link; specify mdix if mdi is being used on the other 
side of the link. 


Options 
One of the following modes: 


auto—Set the MDI properties to automatic. This setting should not be used with 10-Gigabit Ethernet 
interfaces on a copper network port of an EX4550 switch. 


mdi—Set the MDI properties of the interface to straight through mode. The selection of the mode depends 
on whether crossover or straight cables are being used and on the setting used on the other side of 
the link. 


mdix—Set the MDI properties of the interface to crossover mode. The selection of the mode depends on 
whether crossover or straight cables are being used and on the setting used on the other side of the 
link. 


force—For SRX Series devices this option enables the MDI properties to auto-mdix always. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring Gigabit Ethernet Interfaces (CLI Procedure) 
Interfaces Overview for Switches 
Junos OS Ethernet Interfaces Configuration Guide 


Interfaces User Guide for Security Devices 
| media-type (Interfaces) 


Syntax 


media-type 


Hierarchy Level 


[edit interfaces interface-name media-type] 
Release Information 
Command introduced in Junos OS Release 10.2. 


Description 
Configure the operating modes for the 2-Port 10 Gigabit Ethernet XPIM. 


Options 
• copper 

• fiber 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29 
| minimum-links (Interfaces) 


Syntax 


minimum-links number; 


Hierarchy Level 


[edit interfaces interface-name redundant-ether-options] 


Release Information 
Statement added in Release 10.1 of Junos OS. 


Description 

For redundant Ethernet interfaces configured as 802.3ad redundant Ethernet interface link aggregation 
groups (LAGs) in a chassis cluster only, set the required minimum number of physical child links on the 
primary node that must be working to prevent the interface from being down. Interfaces configured as 
redundant Ethernet interface LAGs typically have between 4 and 16 physical interfaces, but only half, 
those on the primary node, are relevant to the minimum-links setting. 


If the number of operating interfaces on the primary node falls below the configured value, it will cause 
the interface to be down even if some of the interfaces are still working. 


Options 

number—For redundant Ethernet interface link aggregation group links, specify the number of physical 
child links on the primary node in the redundant Ethernet interface that must be working. The default 
minimum-links value is 1. The maximum value is half of the total number of physical child interfaces bound 
to the redundant Ethernet interface being configured or 8, whichever is smaller. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces Configuration Guide for Security Devices 
| modem-options 
Syntax 


modem-options { 
    dialin (console | routable); 
    init-command-string initialization-command-string; 
} 


Hierarchy Level 


[edit interfaces umd0] 


Release Information 
Statement introduced in Junos OS Release 8.2. 


Description 


For J Series Services Routers, configure a USB port to act as a USB modem. 


The remaining statement is explained separately. See CLI Explorer. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 
| mtu 


Syntax 


mtu bytes; 


Hierarchy Level 


[edit interfaces interface-name], 
[edit interfaces interface-name unit logical-unit-number family family], 
[edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number family family] 


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 

Maximum transmission unit (MTU) size for the media or protocol. The default MTU size depends on the 
device type. Not all devices allow you to set an MTU value, and some devices have restrictions on the 
range of allowable MTU values. 


Options 
bytes—MTU size. 
Range: 0 through 5012 bytes 
Default: 1500 bytes (inet, inet6, and iso families), 1448 bytes (mpls) 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring MRRU on Multilink and Link Services Logical Interfaces 


Junos OS Network Interfaces Library for Routing Devices 
| native-vlan-id 
Syntax 


native-vlan-id vlan-id; 


Hierarchy Level (QFX Series and EX4600) 
For platforms without ELS: 


[edit interfaces (QFX Series) interface-name unit 0 family ethernet-switching] 


For platforms with ELS: 


[edit interfaces (QFX Series) interface-name] 


Hierarchy Level (ACX Series, EX Series, SRX Series, M Series, MX Series, and T Series) 


[edit interfaces ge-fpc/pic/port], 
[edit interfaces interface-name] 


Hierarchy Level (SRX Series) 


[edit interfaces interface-name] 


Release Information 

Statement introduced in Junos OS Release 8.3. 

Statement introduced in Junos OS Release 9.0 for EX Series switches. 

Statement introduced in Junos OS Release 9.5 for SRX Series. 

Statement introduced in Junos OS Release 11.1 for the QFX Series. 

Statement introduced in Junos OS Release 12.2 for ACX Series Universal Metro Routers. 
Statement introduced in Junos OS Release 12.3R2 for EX Series switches. 

Statement introduced in Junos OS Release 13.2X51-D20 for the QFX Series. 


Description 
Configure the VLAN identifier to associate with untagged packets received on the physical interface of a 
trunk mode interface for the following: 

• QFX Series and EX4600 

• M Series routers with Gigabit Ethernet IQ PICs with SFP and Gigabit Ethernet IQ2 PICs with SFP 
configured for 802.1Q flexible VLAN tagging 

• MX Series routers with Gigabit Ethernet DPCs and MICs, Tri-Rate Ethernet DPCs and MICs, and 
10-Gigabit Ethernet DPCs and MICs and MPCs configured for 802.1Q flexible VLAN tagging 

• T4000 routers with 100-Gigabit Ethernet Type 5 PIC with CFP 

• EX Series switches with Gigabit Ethernet, 10-Gigabit Ethernet, 40-Gigabit Ethernet, and aggregated 
Ethernet interfaces 


The logical interface on which untagged packets are received must be configured with the same VLAN ID 
as the native VLAN ID configured on the physical interface, otherwise the untagged packets are dropped. 
To configure the logical interface, include the vlan-id statement (matching the native-vlan-id statement 
on the physical interface) at the [edit interfaces interface-name unit logical-unit-number] hierarchy level. 


When the native-vlan-id statement is included with the flexible-vlan-tagging statement, untagged packets 
are accepted on the same mixed VLAN-tagged port and on the interfaces that are configured for Q-in-Q 
tunneling. 


When the native-vlan-id statement is combined with the interface-mode statement, untagged packets are 
accepted and forwarded within the bridge domain or VLAN that is configured with the matching VLAN 
ID. 




NOTE: Starting in Junos OS Release 17.1R1, you can send untagged traffic without a native 
VLAN ID to the remote end of the network. To do this, remove the native VLAN ID from the 
untagged traffic configuration by setting the no-native-vlan-insert statement. If you do not 
configure this statement, the native VLAN ID is added to the untagged traffic. 


Default 
By default, the untagged packets are dropped. That is, if you do not configure the native-vlan-id option, 
the untagged packets are dropped. 


Options 
vlan-id—Numeric identifier of the VLAN. 
Range: 1 through 4094 


number—VLAN ID number. 
Range: (ACX Series routers, SRX Series devices and EX Series switches) 0 through 4094. 


Required Privilege Level 

routing—To view this statement in the configuration. 
routing-control—To add this statement to the configuration. 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring Gigabit Ethernet Interfaces (CLI Procedure) 
Configuring Gigabit Ethernet Interfaces (J-Web Procedure) 
Understanding Bridging and VLANs on Switches 
Enabling VLAN Tagging 
Configuring Access Mode on a Logical Interface 
Configuring the Native VLAN Identifier on Switches With ELS Support 
Understanding Interfaces | 29 
Understanding Q-in-Q Tunneling and VLAN Translation 
no-native-vlan-insert 
Sending Untagged Traffic Without VLAN ID to Remote End 
show ethernet-switching interfaces 
show vlans 
flexible-vlan-tagging 
Junos OS Network Interfaces Configuration Guide 
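
The matching rule in the native-vlan-id description, as an added example that is not part of the Juniper documentation: a Python check over configuration in display set form that flags physical interfaces whose native-vlan-id has no logical unit with the same vlan-id, the case in which untagged packets are dropped. The sample configuration, interface names and status labels are constructed for illustration, and only the unit-level vlan-id style described in this entry is handled.

```python
import re
from collections import defaultdict

# Constructed sample in "display set" form; interface names and VLAN IDs are
# illustrative and do not come from the manual.
SAMPLE_CONFIG = """\
set interfaces ge-0/0/1 flexible-vlan-tagging
set interfaces ge-0/0/1 native-vlan-id 100
set interfaces ge-0/0/1 unit 0 vlan-id 100
set interfaces ge-0/0/1 unit 1 vlan-id 200
set interfaces ge-0/0/2 flexible-vlan-tagging
set interfaces ge-0/0/2 native-vlan-id 300
set interfaces ge-0/0/2 unit 0 vlan-id 310
set interfaces ge-0/0/3 vlan-tagging
set interfaces ge-0/0/3 unit 0 vlan-id 400
set interfaces ge-0/0/4 native-vlan-id 5000
"""

NATIVE_RE = re.compile(r"^set interfaces (\S+) native-vlan-id (\d+)$")
UNIT_VLAN_RE = re.compile(r"^set interfaces (\S+) unit (\d+) vlan-id (\d+)$")

# Widest range stated in this entry (0 through 4094 on ACX, SRX and EX Series).
VLAN_MIN, VLAN_MAX = 0, 4094


def parse(config_text):
    """Return ({ifname: native_vlan}, {ifname: {unit: vlan_id}})."""
    native = {}
    units = defaultdict(dict)
    for raw in config_text.splitlines():
        line = raw.strip()
        m = NATIVE_RE.match(line)
        if m:
            native[m.group(1)] = int(m.group(2))
            continue
        m = UNIT_VLAN_RE.match(line)
        if m:
            units[m.group(1)][int(m.group(2))] = int(m.group(3))
    return native, units


def audit(config_text):
    """Return a sorted list of (interface, status, detail) tuples.

    Status labels (hypothetical, chosen for this example):
      OK              a unit carries the same vlan-id as native-vlan-id
      MISMATCH        native-vlan-id set, but no unit has that vlan-id
      NO_NATIVE_VLAN  VLAN-tagged units exist without native-vlan-id
      OUT_OF_RANGE    native-vlan-id outside 0 through 4094
    """
    native, units = parse(config_text)
    findings = []
    for ifname in sorted(set(native) | set(units)):
        unit_vlans = units.get(ifname, {})
        if ifname not in native:
            findings.append((ifname, "NO_NATIVE_VLAN",
                             "untagged packets are dropped by default"))
            continue
        vid = native[ifname]
        if not VLAN_MIN <= vid <= VLAN_MAX:
            findings.append((ifname, "OUT_OF_RANGE",
                             f"native-vlan-id {vid} is not in "
                             f"{VLAN_MIN}..{VLAN_MAX}"))
            continue
        matching = sorted(u for u, v in unit_vlans.items() if v == vid)
        if matching:
            findings.append((ifname, "OK",
                             f"unit {matching[0]} carries vlan-id {vid}"))
        else:
            findings.append((ifname, "MISMATCH",
                             f"no unit has vlan-id {vid}; "
                             "untagged packets are dropped"))
    return findings


if __name__ == "__main__":
    for ifname, status, detail in audit(SAMPLE_CONFIG):
        print(f"{ifname:10} {status:15} {detail}")
```
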
| next-hop-tunnel 


Syntax 


next-hop-tunnel gateway-address ipsec-vpn vpn-name; 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number family family-name] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 

For the secure tunnel (st) interface, create entries in the Next-Hop Tunnel Binding (NHTB) table, which is 
used to map the next-hop gateway IP address to a particular IP Security (IPsec) Virtual Private Network 
(VPN) tunnel. NHTB allows the binding of multiple IPsec VPN tunnels to a single IPsec tunnel interface. 


Options 
• gateway-address—Next-hop gateway IP address. 

• ipsec-vpn vpn-name—VPN to which the next-hop gateway IP address is mapped. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29 
| no-dns-propagation 
Syntax 


no-dns-propagation; 


Hierarchy Level 


[edit interface interface-name unit unit-number family inet | inet6 dhcp-client] 


Release Information 
Statement introduced in Junos OS Release 12.1X47-D35. 


Description 


Disable the propagation of DNS information to the kernel. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29 
| option-refresh-rate (Services) 


Syntax 


option-refresh-rate 


Hierarchy Level 


[edit services flow-monitoring version9 template template-name] 
Release Information 
Statement introduced in Junos OS Release 10.4. 


Description 


Specify the option refresh rate. 


Options 
• packets—Specify the number of packets. The range is from 1 through 480,000. 

• seconds—Specify the number of seconds. The range is from 10 through 600. 


Required Privilege Level 
services—To view this statement in the configuration. 
services-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Flow Aggregation to Use Version 9 Flow Templates 
| pic-mode (Chassis T1 Mode) 


Syntax 


pic-mode (clear-channel); 


Hierarchy Level 


[edit chassis fpc slot-number pic pic-number ethernet] 


Release Information 
Statement added in Junos OS Release 10.2. 


Description 


Configure normal T1 mode or channelized T1 mode. 


Options 
• clear-channel—(default) Normal T1 mode. 

• ct1—Channelized T1 mode. 


NOTE: When chassis clustering is enabled, it is necessary to indicate in the command which 
node is being configured. In such circumstances, the edit chassis fpc command becomes edit 
chassis node node-id fpc. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29 
| periodic (Interfaces) 


Syntax 


periodic (fast | slow); 


Hierarchy Level 


[edit interfaces interface-name redundant-ether-options lacp] 


Release Information 
Statement introduced in Junos OS Release 10.2. 


Description 

For redundant Ethernet interfaces in a chassis cluster only, configure the interval at which the interfaces 
on the remote side of the link transmit link aggregation control protocol data units (PDUs) by configuring 
the periodic statement on the interfaces on the local side. It is the configuration on the local side that 
specifies the behavior of the remote side. That is, the remote side transmits link aggregation control PDUs 
at the specified interval. 


Options 
• fast—Transmit link aggregation control PDUs every second. 

• slow—Transmit link aggregation control PDUs every 30 seconds. 


Default: fast 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces | 203 




| pool 


Syntax 


pool pool-name <priority priority>; 


Hierarchy Level 


[edit interfaces br-pim/0/port dialer-options], 
[edit interfaces umd0 dialer-options], 
[edit interfaces dln unit logical-unit-number dialer-options], 
[edit logical-systems logical-system-name interfaces dln unit logical-unit-number dialer-options] 


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 

On J Series Services Routers, for logical and physical ISDN interfaces, specify the dial pool. The dial pool 
allows logical (dialer) and physical (br-pim/0/port) interfaces to be bound together dynamically on a per-call 
basis. On a dialer interface, pool tells the dialer interface which dial pool to use. On a br-pim/0/port 
interface, pool defines the pool to which the interface belongs. 


Options 


pool-name—Pool identifier. 


priority priority—(Physical br-pim/0/port interfaces only) Specify a priority value of 0 (lowest) to 255 
(highest) for the interface within the pool. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide 




| ppp-over-ether 


Syntax 


ppp-over-ether; 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number encapsulation] 


Release Information 
Statement introduced before Junos OS Release 11.2. 
This encapsulation is supported for Redundant Ethernet interface in Junos OS Release 11.2. 


Description 

This encapsulation is used for the underlying interfaces of pp0 interfaces. It is supported on
Fast Ethernet, Gigabit Ethernet, and Redundant Ethernet interfaces. When a Redundant
Ethernet interface is used as the underlying interface, an existing PPPoE session can continue after a
failover.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces | 203 
| pppoe


Syntax 


pppoe { 
command binary-file-path; 
disable; 


failover (alternate-media | other-routing-engine);
}


Hierarchy Level 


[edit system processes] 


Release Information 
Statement introduced in Junos OS Release 9.2. 


Description 


Enable users to connect to a network of hosts over a bridge or access concentrator. 
Options 

• command binary-file-path—Path to the binary process.

• disable—Disable the Point-to-Point Protocol over Ethernet process.

• failover—Configure the device to reboot if the software process fails four times within 30 seconds, and
specify the software to use during the reboot.

• alternate-media—Configure the device to switch to backup media that contains a version of the system
if a software process fails repeatedly.

• other-routing-engine—Instruct the secondary Routing Engine to take mastership if a software process
fails. If this statement is configured for a process, and that process fails four times within 30 seconds,
then the device reboots from the secondary Routing Engine.


Required Privilege Level 
system—To view this statement in the configuration. 
system-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces | 203 
| pppoe-options
Syntax 


pppoe-options {
access-concentrator name;
auto-reconnect seconds;
(client | server);
ignore-eol-tag;
service-name name;
underlying-interface interface-name;
}


Hierarchy Level 


[edit interfaces pp0 unit logical-unit-number],
[edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number]


Release Information 
Statement modified in Junos OS Release 12.3X48 to include ignore-eol-tag statement. 


Description 


Configure PPP over Ethernet-specific interface properties. 


Options 

access-concentrator name—(SRX Series devices with Point-to-Point Protocol over Ethernet (PPPoE)
interfaces) Configure the name of the access concentrator. If you configure a specific access
concentrator name on the client and a server with the same access concentrator name is available, a
PPPoE session is established. If the access concentrator names of the client and the server do not
match, the PPPoE session is closed.


auto-reconnect seconds—Configure the amount of time to wait before reconnecting after a session has 
terminated. 


client—Configure the device to operate in the PPPoE client mode.
idle-timeout seconds—Configure the maximum time that a session can be idle. 


ignore-eol-tag—Disable the End-of-List tag to process the tags after the End-of-List tag in a PPPoE Active 
Discovery Offer (PADO) packet. 


service-name name—Configure the service to be requested from the PPP over Ethernet server; that is, 
the access concentrator. For example, you can use this statement to indicate an Internet service 
provider (ISP) name or a class of service. 
server—Configure the device to operate in the PPPoE server mode.
underlying-interface interface-name—Configure the interface on which PPP over Ethernet is running. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Example: Configuring PPPoE Interfaces | 347 
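
How ignore-eol-tag interacts with a configured access-concentrator name, as an added example that is not part of the Juniper documentation: a Python parser for the tag list of a PADO payload, using the type/length layout and tag codes from RFC 2516. The function names, the sample payload, and the matching logic are illustrative assumptions, not Junos code.

```python
from __future__ import annotations

import struct

# PPPoE discovery tag types defined in RFC 2516.
TAG_END_OF_LIST = 0x0000
TAG_SERVICE_NAME = 0x0101
TAG_AC_NAME = 0x0102


def build_tag(tag_type: int, value: bytes = b"") -> bytes:
    """Encode one tag: 2-byte type, 2-byte length, then the value (network order)."""
    return struct.pack("!HH", tag_type, len(value)) + value


def parse_tags(payload: bytes, ignore_eol: bool = False) -> list[tuple[int, bytes]]:
    """Walk the tag list of a PPPoE discovery payload.

    ignore_eol=False: stop at the End-of-List tag (tags after it are not seen).
    ignore_eol=True:  skip the End-of-List tag and keep processing later tags,
                      which is the behaviour the ignore-eol-tag option describes.
    A tag whose length field runs past the buffer raises ValueError.
    """
    tags = []
    offset = 0
    while offset < len(payload):
        if len(payload) - offset < 4:
            raise ValueError(f"truncated tag header at offset {offset}")
        tag_type, length = struct.unpack_from("!HH", payload, offset)
        offset += 4
        remaining = len(payload) - offset
        if length > remaining:
            raise ValueError(
                f"tag 0x{tag_type:04x} claims {length} bytes, {remaining} left"
            )
        value = payload[offset:offset + length]
        offset += length
        if tag_type == TAG_END_OF_LIST:
            if ignore_eol:
                continue
            break
        tags.append((tag_type, value))
    return tags


def offer_matches(payload: bytes, want_ac: str | None = None,
                  want_service: str | None = None,
                  ignore_eol: bool = False) -> bool:
    """Simplified client-side check (an assumption of this example): does the
    offer carry the configured access-concentrator and service-name values?"""
    tags = parse_tags(payload, ignore_eol)
    ac_names = [v.decode("utf-8", "replace") for t, v in tags if t == TAG_AC_NAME]
    services = [v.decode("utf-8", "replace") for t, v in tags if t == TAG_SERVICE_NAME]
    if want_ac is not None and want_ac not in ac_names:
        return False
    if want_service is not None and want_service not in services:
        return False
    return True


# Constructed sample: an offer whose AC-Name tag is placed after End-of-List.
SAMPLE_PADO_TAGS = (
    build_tag(TAG_SERVICE_NAME, b"isp-gold")
    + build_tag(TAG_END_OF_LIST)
    + build_tag(TAG_AC_NAME, b"ac-east-1")
)

if __name__ == "__main__":
    for flag in (False, True):
        seen = [(hex(t), v) for t, v in parse_tags(SAMPLE_PADO_TAGS, ignore_eol=flag)]
        ok = offer_matches(SAMPLE_PADO_TAGS, want_ac="ac-east-1", ignore_eol=flag)
        print(f"ignore_eol={flag}: tags={seen} access-concentrator match={ok}")
```

With the default parsing the AC-Name tag is never seen, so a client configured with an access-concentrator name treats the offer as a mismatch; with the End-of-List tag ignored, the same offer matches.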
priority (PoE)
Syntax 


priority (high | low); 


Hierarchy Level 


[edit poe interface (all | interface-name)] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 

Sets the priority of individual ports. When it is not possible to maintain power to all connected ports,
lower-priority ports are powered off before higher-priority ports. When a new device is connected on a
higher-priority port, a lower-priority port will be powered off automatically if available power is insufficient
to power on the higher-priority port. Note that for ports with the same priority configuration, ports on
the left are given higher priority than the ports on the right.


Default 


low 


Options 


value—high or low: 


• high—Specify that this port is to be treated as high priority in terms of power allocation.

• low—Specify that this port is to be treated as low priority in terms of power allocation.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Example: Configuring PoE on All Interfaces | 306 




| profile (Access) 


Syntax 


profile profile-name { 
accounting { 
accounting-stop-on-access-deny; 
accounting-stop-on-failure; 
duplication; 
duplication-attribute-format; 
duplication-filter; 
duplication-vrf; 
order [accounting-method]; 
statistics (time | volume-time); 
} 
address-assignment { 
inet6-pool inet6-pool-name; 
pool pool-name; 
} 
authentication-order (ldap | none | password | radius | s6a | securid);
charging-service-list; 
client client-name { 
chap-secret chap-secret; 
client-group [ group-names ]; 
firewall-user { 
password password; 
} 
no-rfc2486; 
pap-password pap-password; 
x-auth ip-address; 
} 
client-name-filter { 
count number; 
domain-name domain-name; 
separator special-character; 
} 
domain-name-server name; 
domain-name-server-inet name; 
domain-name-server-inet6 name; 
jsrc; 
ldap-options {
assemble {
common-name common-name;
}
base-distinguished-name base-distinguished-name;
revert-interval seconds;
search {
admin-search {
distinguished-name distinguished-name;
password password;
}
search-filter search-filter-name;
}
}
ldap-server server-address {
port port-number;
retry attempts;
routing-instance routing-instance-name;
source-address source-address;
timeout seconds;
}
provisioning-order (gx-plus | jsrc);
radius;
radius-options;
radius-server;
session-limit-per-username;
session-options {
client-group [group-name];
client-idle-timeout minutes;
client-session-timeout minutes;
}
subscriber;
wins-server;
}

Hierarchy Level 


[edit access] 


Release Information 

Statement introduced in Junos OS Release 10.4. 

inet6-pool option is introduced in Junos OS Release 20.3R1. 
none option is introduced in Junos OS Release 20.3R1. 


Description 


Create a profile containing a set of attributes that define device management access. 
Options


name—Profile name 
accounting—Specifies the accounting options 
address-assignment—Specify the address assignment pool 


authentication-order—Order in which authentication mechanisms are used 
Values: 
• ldap—Lightweight Directory Access Protocol

• none—No authentication performed

• password—Locally configured password in access profile

• radius—Remote Authentication Dial-In User Service

• s6a—S6a authentication

• securid—RSA secure ID authentication


charging-service-list—List of used 3gpp charging services 


Values: 
• ocs—Online charging service


client—Entity requesting access 

client-name-filter—Restrictions on client names authenticated on this server 
domain-name-server—Default DNS server's IPv4 address 
domain-name-server-inet—DNS server's IPv4 address 
domain-name-server-inet6—DNS server's IPv6 address 

jsrc—Set of JSRC configurations 

ldap-options—Lightweight Directory Access Protocol options
ldap-server—Lightweight Directory Access Protocol server


preauthentication-order—Order in which pre authentication mechanisms are used 
Values: 
• radius—Remote Authentication Dial-In User Service


radius—Set of RADIUS configurations 
radius-options—RADIUS options 


radius-server—RADIUS server configuration 
session-limit-per-username—Maximum number of sessions allowed per username
Range: 1 through 16 


session-options—Options for an authenticated client's session 
subscriber—Locally authenticated subscriber configuration 


wins-server—Default WINS server's IPv4 address 


Required Privilege Level 
access—To view this statement in the configuration. 
access-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces | 29 
Understanding User Authentication for Security Devices 


Ethernet Switching and Layer 2 Transparent Mode Overview 
| profiles


Syntax 


profiles { 
profile-name { 
sip-user-id simple-ip-user-id; 
sip-password simple-ip-password; 
access-point-name apn; 
authentication-method (pap | chap | none);
}
}


Hierarchy Level 


[edit interfaces interface-name cellular-options gsm-options] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 
Configure a profile to establish a data call with a Global System for Mobile Communications (GSM) cellular 
network. You can configure up to 16 profiles. 


Options 


profile-name—Name of the profile. 


The remaining statements are explained separately. See CLI Explorer. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces | 203 
| promiscuous-mode (Interfaces)


Syntax 


promiscuous-mode; 


Hierarchy Level 


[edit interfaces interface-name]


Release Information 
Statement introduced in Junos OS Release 10.1. 


Description 

Enable promiscuous mode on Layer 3 Ethernet interfaces. When promiscuous mode is enabled on an 
interface, all packets received on the interface are sent to the central point or Services Processing Unit 
regardless of the destination MAC address of the packet. 


You can also enable promiscuous mode on chassis cluster redundant Ethernet interfaces and on aggregated 
Ethernet interfaces. If you enable promiscuous mode on a redundant Ethernet interface, promiscuous 
mode is then enabled on any child physical interfaces. If you enable promiscuous mode on an aggregated 
Ethernet interface, promiscuous mode is then enabled on all member interfaces. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Enabling and Disabling Promiscuous Mode on Ethernet Interfaces (CLI Procedure) 
| quality (Interfaces)


Syntax 


quality <value>; 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number radio-router]


Release Information 
Statement introduced in Junos OS Release 10.1. 


Description 


This option controls relative link quality weight (value 0-100). 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


PPPoE-Based Radio-to-Router Protocols Overview 
| r2cp
Syntax 


r2cp { 
command binary-file-path; 
disable;
}


Hierarchy Level 


[edit system processes] 


Release Information 
Statement introduced in Junos OS Release 9.2. 


Description 
Specify the Radio-to-Router Control Protocol (R2CP) used to exchange dynamic metric changes in the 
network that routers use to update the OSPF topologies. 


Options 
• command binary-file-path—Path to the binary process.

• disable—Disable the Radio-to-Router Control Protocol process.


Required Privilege Level 
system—To view this statement in the configuration. 
system-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


PPPoE-Based Radio-to-Router Protocols Overview 
| radio-router (Interfaces)


Syntax 


radio-router { 

bandwidth number; 
credit { 

interval number; 
} 
data-rate number; 
latency number; 
quality number; 
resource number; 
threshold number;
}


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number] 


Release Information 
Statement introduced in Junos OS Release 10.1. 


Description 


Point-to-Point Protocol over Ethernet (PPPoE)-based radio-to-router protocols include messages that 
define how an external system will provide the device with timely information about the quality of a link's 
connection. They also include a flow control mechanism to indicate how much data the device can forward. 
The device can then use the information provided in the PPPoE messages to dynamically adjust the interface 
speed of PPP links. 


Options 


The remaining statements are explained separately. See CLI Explorer. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


PPPoE-Based Radio-to-Router Protocols Overview 
| redial-delay


Syntax 


redial-delay time; 


Hierarchy Level 


[edit interfaces dln unit logical-unit-number dialer-options], 
[edit logical-systems logical-system-name interfaces dln unit logical-unit-number dialer-options] 


Release Information 
Statement introduced in Junos OS Release 7.5. 


Description 

On J Series Services Routers with interfaces configured for ISDN with dialout, specify the delay (in seconds) 
between two successive calls made by the dialer. To configure callback mode, include the callback statement 
at the [edit interfaces dln unit logical-unit-number dialer-options] hierarchy level. 


If the callback statement is configured, you cannot use the caller caller-id statement at the [edit interfaces
dln unit logical-unit-number dialer-options] hierarchy level.


Options 
time—Delay (in seconds) between two successive calls. 
Range: 2 through 255 seconds 


Default: 3 seconds 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


ISDN Interfaces Overview 


Junos OS Interfaces and Routing Configuration Guide 
| redundancy-group (Interfaces)


Syntax 


redundancy-group number;


Hierarchy Level 


[edit interfaces interface-name redundant-ether-options] 


Release Information 
Statement introduced in Junos OS Release 9.0. 


Description 


Specify the redundancy group that a redundant Ethernet interface belongs to. 


Options 
number—Number of the redundancy group that the redundant interface belongs to. Failover properties
of the interface are inherited from the redundancy group.

Range: 1 through 255 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Interfaces User Guide for Security Devices 
| redundant-ether-options


Syntax 


redundant-ether-options { 

(flow-control | no-flow-control); 
lacp { 

(active | passive); 

periodic (fast | slow); 
} 
link-speed speed; 
(loopback | no-loopback); 
minimum-links number; 
redundancy-group number; 
source-address-filter mac-address; 
(source-filtering | no-source-filtering);
}


Hierarchy Level 


[edit interfaces interface-name] 


Release Information 
Statement introduced in Junos OS Release 9.2. 


Description 


Configure Ethernet redundancy options for a chassis cluster. 


In a chassis cluster setup, a redundant Ethernet interface is a pseudointerface that includes at minimum 
one physical interface from each node of the cluster. 


A reth is a special type of interface that has the characteristics of an aggregated Ethernet interface.


Options 


flow-control—Enable flow control. 


link-speed—Link speed of individual interface that joins the reth interface. 


Values: 
• 100m—Links are 100 Mbps

• 10g—Links are 10 Gbps

• 10m—Links are 10 Mbps

• 1g—Links are 1 Gbps


loopback—Enable loopback. 


minimum-links—Minimum number of active links. 
Default: 1 
Range: 1-8 


no-flow-control—Do not enable flow control. 
no-loopback—Do not enable loopback. 
no-source-filtering—Do not enable source address filtering. 


redundancy-group—Redundancy group of this interface. 
Range: 1-128 


source-filtering—Enable source address filtering. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Example: Enabling Eight-Queue Class of Service on Redundant Ethernet Interfaces on SRX Series Devices in 
a Chassis Cluster 


Example: Configuring Chassis Cluster Redundant Ethernet Interfaces 
| redundant-parent (Interfaces Fast Ethernet)


Syntax 


redundant-parent interface-name; 


Hierarchy Level 


[edit interfaces interface-name fastether-options] 
Release Information 
Statement introduced in Junos OS Release 9.2. 


Description 


Configure Fast Ethernet-specific interface properties for Ethernet redundancy in a chassis cluster. 


Options 


interface—Parent redundant interface of the Fast Ethernet interface.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces | 203 
| redundant-parent (Interfaces Gigabit Ethernet)


Syntax 


redundant-parent interface-name; 


Hierarchy Level 


[edit interfaces interface-name gigether-options] 
Release Information 
Statement introduced in Release 9.0 of Junos OS. 


Description 


Configure Gigabit Ethernet-specific interface properties for Ethernet redundancy in a chassis cluster. 


Options 


interface—Parent redundant interface of the Gigabit Ethernet interface.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces Configuration Guide for Security Devices 
| request pppoe connect


Syntax 


request pppoe connect 


Release Information 

Statement supported on SRX300, SRX320, SRX340, and SRX345 is introduced in Junos OS Release 
15.1X49-D60. 

Statement supported on SRX1500 and vSRX instances is introduced in Junos OS Release 15.1X49-D100. 


Description 


Connect all sessions that are down. 


Options 


pppoe interface name—(Optional) Connect to a specified session.


Required Privilege Level 
maintenance 


RELATED DOCUMENTATION 


Understanding PPPoE Interfaces | 347 
Example: Configuring PPPoE Interfaces | 347 


List of Sample Output 
request pppoe connect on page 701 


Output Fields 


When you enter this command, this command returns no output. 


Sample Output 


request pppoe connect 


user@host> request pppoe connect 
| request pppoe disconnect


Syntax 


request pppoe disconnect 


Release Information 

Statement supported on SRX300, SRX320, SRX340, and SRX345 is introduced in Junos OS Release 
15.1X49-D60. 

Statement supported on SRX1500 and vSRX instances is introduced in Junos OS Release 15.1X49-D100. 


Description 


Disconnect all active sessions. 


Options 


session id—(Optional) Disconnect the session for which the session ID is specified.

pppoe interface name—(Optional) Disconnect the session for a specific pppoe interface name.


Required Privilege Level 
maintenance 


RELATED DOCUMENTATION 


Understanding PPPoE Interfaces | 347 
Example: Configuring PPPoE Interfaces | 347 


List of Sample Output 
request pppoe disconnect on page 702 


Output Fields 


When you enter this command, this command returns no output. 


Sample Output


request pppoe disconnect 


user@host> request pppoe disconnect 
| resource (Interfaces)


Syntax 


resource number; 


Hierarchy Level 


[edit interfaces interface-name radio-router]


Release Information 
Statement introduced in Junos OS Release 10.1. 


Description 


This option controls the resource weight (value 1-100). 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


PPPoE-Based Radio-to-Router Protocols Overview 




| retransmission-attempt (DHCP Client) 


Syntax 


retransmission-attempt number;


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number family inet dhcp] 


Release Information 

Statement introduced in Junos OS Release 8.5 for J Series devices. 
Statement introduced in Junos OS Release 9.0 for EX Series switches. 
Statement introduced in Junos OS Release 9.2 for SRX Series devices. 
Statement introduced in Junos OS Release 14.1X53-D20 for the OCX Series. 


Description 

Specify the number of times the device retransmits a Dynamic Host Control Protocol (DHCP) packet if a 
DHCP server fails to respond. After the specified number of attempts, no further attempts at reaching a 
server are made. 


Options 

number—Number of retransmit attempts. 
Range: 0 through 6
Default: 4 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring a DHCP Client 
interfaces 
unit 


family 
| retransmission-interval (DHCP Client)


Syntax 


retransmission-interval seconds; 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number family family-name dhcp] 


Release Information 
Statement introduced in Release 8.5 of Junos OS. 


Description 


Specify the time between successive retransmission attempts. 


Options 
seconds—Number of seconds between successive retransmission. 
Range: 4 through 64 seconds 


Default: 4 seconds 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Initial Configuration Guide for Security Devices 
| roaming-mode


Syntax 


roaming-mode (home-only | automatic) 


Hierarchy Level 


[edit interfaces interface-name cellular-options] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 


Specify whether the 3G wireless modem interface can access networks other than the home network. 


Options 
• home-only—No roaming is allowed.

• automatic—Allows access to networks other than the home network. This is the default.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces | 203 
| scheduler-map (CoS Virtual Channels)


Syntax 


scheduler-map map-name; 


Hierarchy Level 


[edit class-of-service virtual-channel-groups group-name virtual-channel-name] 


Release Information 
Statement introduced in Junos OS Release 9.2. 


Description 


Apply a scheduler map to this virtual channel. 


Options 


map-name—Name of the scheduler map. 
The remaining statements are explained separately. See CLI Explorer. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


default (CoS) 

shaping-rate (CoS Virtual Channels) 
virtual-channel-group (CoS Interfaces) 
virtual-channel-groups 


virtual-channels 
| select-profile


Syntax 


select-profile profile-name 


Hierarchy Level 


[edit interfaces interface-name cellular-options gsm-options] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 
Select the active profile to establish a data call with a Global System for Mobile Communications (GSM) 
cellular network. 


Options 


profile-name—Name of a configured profile that is to be used to establish a data call. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces | 203 
| server-address


Syntax 


server-address ip-address; 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number family inet dhcp] 


Release Information 

Statement introduced in Junos OS Release 8.5 for J Series devices. 
Statement introduced in Junos OS Release 9.0 for EX Series switches. 
Statement introduced in Junos OS Release 9.2 for SRX Series devices. 
Statement introduced in Junos OS Release 14.1X53-D20 for the OCX Series. 


Description 

Specify the address of the DHCP server that the client should accept DHCP offers from. If this option is 
included in the DHCP configuration, the client accepts offers only from this server and ignores all other 
offers. 


Default 


The client accepts the first offer it receives from any DHCP server. 


Options 
ip-address—DHCP server address. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring a DHCP Client 
interfaces 
unit 


family 
| shaping-rate (CoS Interfaces)


Syntax 


shaping-rate rate <overhead bytes> ; 


Hierarchy Level 


[edit class-of-service interfaces interface-name], 
[edit class-of-service interfaces interface-name unit logical-unit-number] 


Release Information 
Statement introduced in Junos OS Release 9.2. 
overhead option introduced in Junos OS Release 18.1. 


Description 
For logical interfaces on which you configure packet scheduling, configure traffic shaping by specifying 
the amount of bandwidth to be allocated to the logical interface. 


Logical and physical interface traffic shaping can be configured together. This means you can include the 
shaping-rate statement at the [edit class-of-service interfaces interface interface-name] hierarchy level 
and the [edit class-of-service interfaces interface interface-name unit logical-unit-number] hierarchy level. 
If you configure traffic shaping at both the logical and physical interface levels, the logical interface shaping 
credit is checked and updated before the physical interface shaping credit. 


Alternatively, you can configure a shaping rate for a logical interface and oversubscribe the physical 
interface by including the shaping-rate statement at the [edit class-of-service traffic-control-profiles] 
hierarchy level. With this configuration approach, you can independently control the delay-buffer rate. 


On the physical interface, you can set the Layer 2 overhead adjustment to the shaping rate calculation at 
egress. 


Default 

If you do not include this statement at the [edit class-of-service interfaces interface interface-name unit 
logical-unit-number] hierarchy level, the default logical interface bandwidth is the average of unused 
bandwidth for the number of logical interfaces that require default bandwidth treatment. If you do not 
include this statement at the [edit class-of-service interfaces interface interface-name] hierarchy level, 
the default physical interface bandwidth is the average of unused bandwidth for the number of physical 
interfaces that require default bandwidth treatment. 


Options 


rate—Peak rate, in bits per second (bps). You can specify a value in bits per second either as a complete 
decimal number or as a decimal number followed by the abbreviation k (1000), m (1,000,000), or 
g (1,000,000,000). 


Range: 1000 through 6,400,000,000,000 bps 


overhead—Layer 2 shaping overhead adjustment to be applied at egress (bytes). 
Range: -62 through 192 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


policer-overhead 
| simple-filter (Interfaces)


Syntax 


simple-filter; 


Hierarchy Level 


[edit interfaces interfaces-name unit logical-unit-number family family-name] 
Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 


Apply a simple filter to an interface. You can apply simple filters on ingress interfaces only. 


Options 


input filter-name: Name of one filter to evaluate when packets are received on the interface. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces | 203 
| sip-password
Syntax 


sip-password simple-ip-password; 


Hierarchy Level 


[edit interfaces interface-name cellular-options gsm-options profiles profile-name] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 
Configure the password provided by the service provider for connection to a Global System for Mobile 
Communications (GSM) cellular network. 


Options 


simple-ip-password—Password. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces | 203 
| sip-user-id
Syntax 


sip-user-id simple-ip-user-id; 


Hierarchy Level 


[edit interfaces interface-name cellular-options gsm-options profiles profile-name] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 
Configure the username provided by the service provider for connection to a Global System for Mobile 
Communications (GSM) cellular network. 


Options 


simple-ip-user-id—Username. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 
| source-address-filter (Interfaces)


Syntax 


source-address-filter mac-address; 


Hierarchy Level 


[edit interfaces interface-name redundant-ether-options] 


Release Information 
Statement modified in Junos OS Release 9.2. 


Description 

For redundant Ethernet interfaces, specify the MAC addresses from which the interface can receive 
packets. For this statement to have any effect, you must include the source-filtering statement in the 
configuration to enable source address filtering. 


Be sure to update the MAC address if the remote Ethernet card is replaced. Replacing the interface card 
changes the MAC address. Otherwise, the interface cannot receive packets from the new card. 


NOTE: 
• Software-based MAC limiting is supported on SRX300, SRX320, and SRX340 devices.


A maximum of 32 devices are supported per device. 


Options 

mac-address—MAC address filter. You can specify the MAC address as six hexadecimal bytes in one of
the following formats: nn:nn:nn:nn:nn:nn (for example, 00:11:22:33:44:55) or nnnn.nnnn.nnnn (for
example, 0011.2233.4455). You can configure up to 64 source addresses. To specify more than one
address, include multiple mac-address options in the source-address-filter statement.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces


source-filtering (Interfaces)


Syntax 


(source-filtering | no-source-filtering); 


Hierarchy Level 


[edit interfaces interface-name redundant-ether-options] 


Release Information 
Statement modified in Junos OS Release 9.2. 


Description 

For redundant Ethernet interfaces, enable the filtering of MAC source addresses, which blocks all incoming 
packets to that interface. To allow the interface to receive packets from specific MAC addresses, include 
the source-address-filter statement. 


If the remote Ethernet card is changed, the interface cannot receive packets from the new card because 
it has a different MAC address. 


By default, source address filtering is disabled. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces


speed (Interfaces)


Syntax 


speed (100m | 10m | 1g | 10g);


Hierarchy Level 


[edit interfaces interface-name speed] 


Release Information 
Command introduced in Junos OS Release 10.2. 


Description 
Configure the operating speed for the 2-Port 10 Gigabit Ethernet XPIM. 


Options 

• 100m—Link speed of 100 Mbps
• 10g—Link speed of 10 Gbps
• 10m—Link speed of 10 Mbps
• 1g—Link speed of 1 Gbps


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces
Example: Configuring the 2-Port 10-Gigabit Ethernet XPIM Interface


speed (Gigabit Ethernet interface)


Syntax 


speed (1g | 10g);


Hierarchy Level 


[edit interfaces interface-name gigether-options] 


Release Information 
Statement introduced in Junos OS Release 18.1R1 for SRX4600. 


Description 

Configure the operating speed of the 8-port 10-Gigabit Ethernet PIC from the default 10-Gbps port speed
to 1-Gbps port speed. Each interface in the 8-port 10-Gigabit Ethernet PIC can be independently
configured for 1-Gbps or 10-Gbps speed. For information about platform support, see the Hardware
Compatibility Tool (HCT).


Autonegotiation is automatically disabled when 1-Gbps speed is configured on the interfaces.


On 1/10-Gbps capable Gigabit Ethernet SFP interfaces, the duplex is always full and the speed matches
that of the inserted optic. These interfaces support either 1-Gbps or 10-Gbps SFP optics. For SRX devices,
the interface is always displayed and configured as xe-, even if a 1G optic is inserted. The xe- value
denotes that the interface is 10G capable. If a 1G optic is used, show commands for the interface display
the correct speed, but the configuration always shows xe-. After you change a speed configuration, you
cannot change it again for the next 180 seconds. The interface link might go down if you try to change
the speed configuration again within 180 seconds of the first speed configuration change. The 8x10-Gbps
ports support multiple port speeds; that is, some ports can operate at 10G speed and some at 1G speed.
To view the speed configured for the interface, execute the show interfaces extensive command. In the
command output, a Speed Configuration field value of 1G or AUTO indicates that the current operating
speed of the interface is 1 Gbps or the default 10 Gbps, respectively.


Options 
• 1g—Link speed of 1 Gbps
• 10g—Link speed of 10 Gbps


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


speed (Chassis Cluster)


spid1 
Syntax 


spid1 spid1-string; 


Hierarchy Level 


[edit interfaces br-pim/0/port isdn-options]

Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 
Configure the Service Profile Identifier (SPID). 


Options 
spid1-string—Numeric SPID. 


Required Privilege Level 
interface—To view this statement in the configuration. 


interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide 


spid2
Syntax 


spid2 spid2-string; 


Hierarchy Level 


[edit interfaces br-pim/0/port isdn-options]

Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 


Configure an additional SPID. 


Options 
spid2-string—Numeric SPID. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION


static-tei-val
Syntax 


static-tei-val value; 


Hierarchy Level 


[edit interfaces br-pim/0/port isdn-options]


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 

For J Series Services Routers only. Statically configure the Terminal Endpoint Identifier (TEI) value. The 
TEI value represents any ISDN-capable device attached to an ISDN network that is the terminal endpoint. 
TEIs are used to distinguish between several different devices using the same ISDN links.


Options 
value—Value from 0 through 63.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide


switch-type
Syntax 


switch-type (att5e | etsi | ni1 | ntdms-100 | ntt);


Hierarchy Level 


[edit interfaces br-pim/0/port isdn-options]


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 


For J Series Services Routers only. Configure the ISDN variant supported. 


Options 
att5e—AT&T switch variant.


etsi—European Telecommunications Standards Institute switch variant. 
ni1—National ISDN 1 switch variant. 
ntdms-100—Northern Telecom DMS-100. 


ntt—NTT Group switch for Japan. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide


t310


Syntax 


t310-value seconds; 


Hierarchy Level 


[edit interfaces br-pim/0/port isdn-options]


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 
For ISDN interfaces, configure the Q.931-specific timer for T310, in seconds. The Q.931 protocol is 
involved in the setup and termination of connections. 


Options 

seconds—Timer value, in seconds. 
Range: 1 through 65,536 seconds 
Default: 10 seconds 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide 


tei-option
Syntax 


tei-option (first-call | power-up); 


Hierarchy Level 


[edit interfaces br-pim/0/port isdn-options]


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 
For ISDN interfaces, configure when the Terminal Endpoint Identifier (TEI) negotiates with the ISDN
provider.


Options 


first-call—Activation does not occur until the call setup is sent. 


power-up—Activation occurs when the Services Router is powered on. 


Default: power-up 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide


telemetries (PoE)


Syntax 


telemetries {
    disable;
    duration hours;
    interval minutes;
}


Hierarchy Level 


[edit poe interface (all | interface-name)] 


Release Information 
Statement introduced in Junos OS Release 9.5. 


Description 
Allow logging of per-port PoE power consumption. The telemetries section must be explicitly specified to 
enable logging. If left unspecified, telemetries is disabled by default. 


Default 


If the telemetries statement is specified, logging is enabled with the default values for interval and duration. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Example: Configuring PoE on All Interfaces


template-refresh-rate (Services)


Syntax 


template-refresh-rate; 


Hierarchy Level 


[edit services flow-monitoring version9 template template-name] 
Release Information 
Statement introduced in Junos OS Release 10.4. 


Description 


Specify the template refresh rate. 


Options 
• packets—Specify the number of packets. The range is from 1 through 480,000.
• seconds—Specify the number of seconds. The range is from 10 through 600.


Required Privilege Level 
services—To view this statement in the configuration. 
services-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces


threshold (Interfaces) 


Syntax 


threshold <value>; 


Hierarchy Level 


[edit interfaces interface-name radio-router]

Release Information 
Statement introduced in Junos OS Release 10.1. 


Description 


This option controls the percentage of bandwidth change required for routing updates. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


PPPoE-Based Radio-to-Router Protocols Overview


traceoptions (Interfaces)


Syntax 


traceoptions 


Hierarchy Level 


[edit interfaces interface-name traceoptions] 
Release Information 
Command introduced in Junos OS Release 10.1. 


Description 
Define tracing operations for individual interfaces. To specify more than one tracing operation, include 
multiple flag statements. 


Options 


flag - Tracing parameters 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


PPPoE-Based Radio-to-Router Protocols Overview


update-server


Syntax 


update-server; 


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number family inet dhcp] 


Release Information 

Statement introduced in Junos OS Release 8.5 for J Series devices. 
Statement introduced in Junos OS Release 9.0 for EX Series switches. 
Statement introduced in Junos OS Release 9.2 for SRX Series devices. 
Statement introduced in Junos OS Release 14.1X53-D20 for the OCX Series. 


Description 
Propagate TCP/IP settings learned from an external DHCP server to the DHCP server running on the 
switch, router, or device. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Configuring a DHCP Client 
Example: Configuring the Device as a DHCP Client 
interfaces
unit
family


vbr rate


Syntax 


vbr rate; 


Hierarchy Level 


[edit interfaces interface-name atm-options vpi vpi-identifier shaping] 


Release Information 
Command introduced in Junos OS Release 9.5. 


Description 


For ATM encapsulation only, define a variable bit rate bandwidth utilization in the traffic-shaping profile.


Options

• Burst Size-The maximum burst size that can be sent at the peak rate.
• Peak Rate-The maximum instantaneous rate at which the user will transmit.
• Sustained Rate-The average rate as measured over a long interval.
• CDVT-Cell Delay Variation Tolerance in microseconds (range: 1 - 9999).


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces


vdsl-profile


Syntax 


vdsl-profile 


Hierarchy Level 


[edit interfaces interface-name vdsl-options] 


Release Information 
Command introduced in Junos OS Release 10.1. 


Description 
Configure the type of VDSL2 profiles. A profile is a table that contains a list of preconfigured VDSL2 
settings. 


Options 

• Auto (default)
• 8a
• 8b
• 8c
• 8d
• 12a
• 12b
• 17a


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


VDSL2 Interface Support on SRX Series Devices


vendor-id (Interfaces)


Syntax 


vendor-id vendor-id;


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number family family-name dhcp] 
Release Information 
Statement introduced in Junos OS Release 9.2. 


Description 


Configure a vendor class ID for the Dynamic Host Configuration Protocol (DHCP) client. 


Options 


vendor-id—Vendor class ID.


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces


watch-list


Syntax 


watch-list {
    [ routes ];
}


Hierarchy Level 


[edit interfaces dln unit logical-unit-number dialer-options] 


Release Information 
Statement introduced before Junos OS Release 7.4. 


Description 


On J Series Services Routers with ISDN interfaces, configure an ISDN list of routes to watch. Used only 
for dialer watch. 


Options 
routes—IP prefix of a route. Specify one or more. The primary interface is considered up if there is at least 
one valid route for any of the addresses in the watch list to an interface other than the backup interface. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Junos OS Interfaces and Routing Configuration Guide


web-authentication (Interfaces)


Syntax 


web-authentication {
    http;
    https;
    redirect-to-https;
}


Hierarchy Level 


[edit interfaces interface-name unit logical-unit-number family family-name address address]


Release Information 

Statement introduced in Junos OS Release 9.2. 

Support for https and redirect-to-https introduced for SRX5400, SRX5600, and SRX5800 Services Gateways 
starting from Junos OS Release 12.1X44-D10 and on vSRX, SRX300, SRX320, SRX340, SRX345, SRX380, 
SRX550, and SRX1500 Services Gateways starting from Junos OS Release 15.1X49-D40. 


Description 


Enable the Web authentication process for firewall user authentication. 


Options 
http—Enable HTTP service. 


https—Enable authentication through HTTPS. 


redirect-to-https—Redirect Web authentication to HTTPS. 


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


Understanding Interfaces


wlan


Syntax (SRX Series) 


wlan {
    access-point name {
        description description;
        interface wl interface;
        access-point-options {
            country country-code;
        }
        location location;
        mac-address mac-address;
        radio (1 | 2) {
            radio-options {
                channel {
                    number (auto | channel-number);
                    bandwidth (20 | 40 | 80);
                }
                mode (gn | an | acn);
                radio-off;
                transmit-power percent;
            }
        }
        virtual-access-point id {
            description description;
            no-broadcast-ssid;
            maximum-stations number;
            station-isolation;
            upload-limit upload-limit-rate;
            download-limit download-limit-rate;
            ssid ssid;
            vlan vlan-id;
            station-mac-filter (allow-list | deny-list) {
                mac-address addr1 addr2;
            }
            security {
                none;
                wpa-enterprise {
                    cipher-suites ccmp;
                    radius-server ip-address;
                    radius-port port;
                    radius-key secret-key;
                    wpa-version v2;
                }
                wpa-personal {
                    cipher-suites ccmp;
                    key (ascii | hex) key;
                    wpa-version v2;
                }
            }
        }
    }
}

Hierarchy Level 


[edit wlan access-point name] 


Release Information 


Statement introduced in Junos OS Release 19.4R1 for SRX Series devices.


Description
Configure WLAN properties on SRX Series devices. 


In HA mode, only one WAP is active; the other WAP is inactive. Wi-Fi clients always associate with the
active WAP. The following events trigger WAP failover:


• The WAP is detected to be abnormal.
• The primary WLAN interface is down.
• The redundancy group to which the WLAN interface belongs is failed over manually.
• The node to which the primary WLAN interface belongs fails.


After WAP failover occurs, the previously inactive WAP becomes active and the Wi-Fi client sessions
reconnect to the new primary WAP.


In HA mode, the WLAND process runs on both nodes. The WLAND on the primary node is responsible for
pushing the WLAN configuration to the PFE on both nodes. Each PFE then forwards the configuration to
its local WAP card, so the two WAP cards have the same configuration.


WLAND monitors WAP status. If it finds the WAP to be abnormal, it can trigger a redundancy group
failover. In L3 mode, the WAP activity monitor is configured by default for WLAN HA using the commands
set chassis cluster redundancy-group 1 interface-monitor wl-2/0/0 weight 255 and set chassis cluster
redundancy-group 1 interface-monitor wl-7/0/0 weight 255.


The new primary WAP becomes active, and the abnormal WAP card is restarted and goes to the inactive
state. The Wi-Fi client reconnects to the active WAP automatically because the configuration (radio,
channel, bandwidth, ssid, and so on) on the active WAP is the same as on the original WAP.


Options


access-point name—Name of the wireless access point. 


interface—Wireless LAN interface (wl-x/0/0) created for the access-point setting. 


To support WAP mPIM HA, you can configure two WLAN interfaces (wl-x/0/0) and (wl-y/0/0) on 
both nodes, then the WLAN configuration for access-point is pushed to the two WAP cards on both 
the nodes. 


description—Description of the access point and virtual access point (VAP). The maximum length is 64 
characters. 


country—The country code. 
location—Location of the access point. The maximum number of characters you can use is 64. 


channel number (auto | channel number)—Channel number of the radio. If you select auto, then the 
Mini-PIM chooses the channel automatically. 


bandwidth—Radio 1 (5 GHz) supports bandwidth of 20 MHz, 40 MHz, and 80 MHz, whereas Radio 2 (2.4
GHz) supports bandwidth of 20 MHz and 40 MHz. The default value is 20 MHz for 2.4 GHz and 40 MHz
for 5 GHz.


radio modes (an | acn | gn)—Mode for the radio operation.
Radio 1 supports the following modes:
• an—802.11a and 802.11n clients operating in 5-GHz frequency can connect to the access point.
• acn—802.11a, 802.11b, 802.11n and 802.11ac clients operating in 5-GHz frequency can connect
to the access point.


Radio 2 supports the following mode:
• gn—802.11g, 802.11b, and 802.11n clients operating in 2.4-GHz frequency can connect to the
access point. This is the default mode for this radio.


• radio-off—Radio is turned off.
• transmit-power—The percentage of transmit power.


NOTE: When you configure the transmit power, the Mini-PIM card fixes the transmit
power at the specified value, and in this case the power by rate functionality does not
work. It is therefore recommended not to set the transmit power to a specified value.
When you do not configure the transmit power (do not fix the transmit power to a
specified value), the power by rate functionality works. If you configure the transmit
power percentage as 100, the card chooses the option "auto"; the behavior is the same
as when no transmit power is configured, and the power by rate functionality works.


no-broadcast-ssid—Disable broadcast SSID. By default, the broadcast SSID is enabled.


maximum-stations—The maximum number of clients that can be connected to the virtual access point.
The range is 1 through 127.


station-isolation—Isolate the clients connected to the same VAP.


security (none | wpa-enterprise | wpa-personal)—Security settings for the VAP. WPA enterprise is a Wi-Fi 
Alliance standard that uses RADIUS server authentication with AES-CCMP. This mode allows the use 
of high-security encryption along with centrally managed user authentication. WPA personal is a Wi-Fi 
Alliance standard that uses preshared key (PSK) authentication with AES-CCMP. Only WPA2 standards 
are supported on Wi-Fi Mini-PIM. 


none—No security. The data transferred between clients and the access point is not encrypted. This method 
allows clients to associate with the access point without any authentication. 


cipher-suites (ccmp)—Select the appropriate WPA cipher algorithm. The only value is the CCMP algorithm.

radius-server—IP address of the RADIUS server.

radius-port—Port number of the RADIUS server. The default value is 1812.

radius-key—Secret key of the RADIUS server. The maximum number of characters you can use is 64.


key (ascii | hex)—WPA shared key. The key length is 8 through 63 characters for ASCII or 8 through 64
characters for hexadecimal.


wpa-version (v2)—WPA version. The only supported value is WPA2.

upload-limit—Specify the upload rate limit. The range is from 256 Kbps through 1,048,576 Kbps.

download-limit—Specify the download rate limit. The range is from 256 Kbps through 1,048,576 Kbps.


ssid—SSID value for the virtual access point. The range is 2 through 32. The SSID value can include only
letters, numbers, and five special characters: hyphen (-), underscore (_), at (@), hash (#), and
period (.).


vlan-id—VLAN ID for the virtual access point. The range is 1 through 4094. The default value is 1.


station-mac-filter (allow-list | deny-list)—Specify the MAC filter. You can either allow the listed MAC
addresses or deny them. The MAC address format is xx:xx:xx:xx:xx:xx. The maximum number of MAC
addresses in the list is 16.


Required Privilege Level 

routing—To view this statement in the configuration. 
routing-control—To add this statement to the configuration. 
system—To view this statement in the configuration. 
system-control—To add this statement to the configuration. 
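

The limits listed under Options can be checked before a virtual access point configuration is committed. The following Python sketch is an added example, not Juniper code: it lints one VAP, given as a dictionary keyed by the statement names above, and reports values outside the documented ranges as well as the unencrypted security none setting. The dictionary layout, the mode and key-type keys, the function names, and the sample data are assumptions made for the example; the 1 through 65535 port range is the general UDP port range, not a value from this guide.

```python
"""Lint virtual-access-point settings against the limits in the wlan statement reference."""
import ipaddress
import re

SSID_RE = re.compile(r"[A-Za-z0-9_@#.\-]{2,32}")   # letters, digits, - _ @ # . ; length 2-32
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")  # xx:xx:xx:xx:xx:xx
HEX_RE = re.compile(r"[0-9A-Fa-f]+")
MAX_FILTER_MACS = 16


def in_range(value, low, high):
    """True when value is an integer within [low, high]."""
    return isinstance(value, int) and not isinstance(value, bool) and low <= value <= high


def audit_security(sec):
    """Check the security block of one VAP; returns a list of findings."""
    findings = []
    mode = sec.get("mode")  # hypothetical key: none | wpa-personal | wpa-enterprise
    if mode == "none":
        findings.append("security none: traffic is not encrypted and clients "
                        "associate without authentication")
    elif mode == "wpa-personal":
        kind, key = sec.get("key-type"), sec.get("key", "")
        if kind == "ascii":
            if not 8 <= len(key) <= 63:
                findings.append("wpa-personal: ascii key must be 8 through 63 characters")
        elif kind == "hex":
            if not (8 <= len(key) <= 64 and HEX_RE.fullmatch(key)):
                findings.append("wpa-personal: hex key must be 8 through 64 hex characters")
        else:
            findings.append("wpa-personal: key type must be ascii or hex")
    elif mode == "wpa-enterprise":
        try:
            ipaddress.ip_address(sec.get("radius-server", ""))
        except ValueError:
            findings.append("wpa-enterprise: radius-server is not an IP address")
        if not in_range(sec.get("radius-port", 1812), 1, 65535):  # default is 1812
            findings.append("wpa-enterprise: radius-port is not a valid port")
        if not 1 <= len(sec.get("radius-key", "")) <= 64:
            findings.append("wpa-enterprise: radius-key must be 1 through 64 characters")
    else:
        findings.append("security: expected none, wpa-personal, or wpa-enterprise")
    return findings


def audit_vap(vap):
    """Check one virtual access point; returns a list of findings (empty when clean)."""
    findings = []
    if not SSID_RE.fullmatch(vap.get("ssid", "")):
        findings.append("ssid: must be 2 through 32 of letters, digits, - _ @ # .")
    if len(vap.get("description", "")) > 64:
        findings.append("description: longer than 64 characters")
    if not in_range(vap.get("vlan", 1), 1, 4094):  # default is 1
        findings.append("vlan: must be 1 through 4094")
    if "maximum-stations" in vap and not in_range(vap["maximum-stations"], 1, 127):
        findings.append("maximum-stations: must be 1 through 127")
    for limit in ("upload-limit", "download-limit"):
        if limit in vap and not in_range(vap[limit], 256, 1048576):
            findings.append(f"{limit}: must be 256 through 1,048,576 Kbps")
    macs = vap.get("station-mac-filter", {}).get("mac-address", [])
    if len(macs) > MAX_FILTER_MACS:
        findings.append(f"station-mac-filter: more than {MAX_FILTER_MACS} MAC addresses")
    findings.extend(f"station-mac-filter: malformed MAC address {m!r}"
                    for m in macs if not MAC_RE.fullmatch(m))
    findings.extend(audit_security(vap.get("security", {})))
    return findings


# Constructed sample data, not taken from a real device.
STAFF_VAP = {
    "ssid": "corp-staff",
    "vlan": 20,
    "maximum-stations": 64,
    "station-mac-filter": {"list": "allow-list", "mac-address": ["00:00:5E:00:53:01"]},
    "security": {"mode": "wpa-enterprise", "radius-server": "192.0.2.10",
                 "radius-port": 1812, "radius-key": "constructed-shared-secret"},
}
GUEST_VAP = {
    "ssid": "guest wifi!",            # space and "!" are not permitted
    "vlan": 4095,                     # above 4094
    "maximum-stations": 200,          # above 127
    "upload-limit": 128,              # below 256 Kbps
    "station-mac-filter": {"list": "deny-list", "mac-address": ["0000.5e00.5301"]},
    "security": {"mode": "none"},
}

if __name__ == "__main__":
    for name, vap in (("staff", STAFF_VAP), ("guest", GUEST_VAP)):
        for finding in audit_vap(vap) or ["no findings"]:
            print(f"{name}: {finding}")
```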


RELATED DOCUMENTATION


Wi-Fi Mini-Physical Interface Module Overview
Configure Wi-Fi Mini-PIM


CHAPTER 12 


Operational Commands 


IN THIS CHAPTER

show modem wireless profiles
show oam ethernet link-fault-management
show poe controller (View)
show pppoe interfaces
show pppoe statistics
show poe telemetries
show services accounting
show services accounting aggregation (View)
show services accounting aggregation template (View)
show services accounting flow-detail (View)
show wlan access-points
speed (Chassis Cluster)


clear oam ethernet connectivity-fault-management path-database


Syntax 


clear oam ethernet connectivity-fault-management path-database maintenance-domain md-name 
maintenance-association ma-name host <mac-addr> 


Release Information 
Statement introduced in Junos OS Release 12.1X44-D10. 


Description 


Clear the relevant path information from the database for the specified remote host. 


Options 


host—MAC address of remote host in xx:xx:xx:xx:xx:xx format.
maintenance-association —Name of the maintenance association. 


maintenance-domain —Name of the maintenance domain. 


Required Privilege Level 
clear 


RELATED DOCUMENTATION 


show oam ethernet connectivity-fault-management path-database 


List of Sample Output
clear oam ethernet connectivity-fault-management path-database


Sample Output


clear oam ethernet connectivity-fault-management path-database


user@host> clear oam ethernet connectivity-fault-management path-database maintenance-domain private maintenance-association private-ma 00:00:5E:00:53:AA

Path database entries cleared for the remote-host


clear dhcpv6 server binding (Local Server)


Syntax 


clear dhcpv6 server binding

<all | client-id | ip-address | session-id> 
<interface interface-name> 
<routing-instance routing-instance-name> 


Release Information 
Command introduced in Junos OS Release 10.4. 


Description 
Clear the binding state of a DHCPv6 client from the client table on the DHCPv6 local server.


Options
• all—(Optional) Clear the binding state for all DHCPv6 clients.
• client-id—(Optional) Clear the binding state for the DHCPv6 client with the specified client ID (option
1).
• ip-address—(Optional) Clear the binding state for the DHCPv6 client with the specified address.
• session-id—(Optional) Clear the binding state for the DHCPv6 client with the specified session ID.
• interface interface-name—(Optional) Clear the binding state for DHCPv6 clients on the specified interface.
• routing-instance routing-instance-name—(Optional) Clear the binding state for DHCPv6 clients on the
specified routing instance.


Required Privilege Level 
clear 


RELATED DOCUMENTATION 


show dhcpv6 server binding (View)


clear ethernet-switching statistics mac-learning


Syntax 


clear ethernet-switching statistics mac-learning 


Release Information 
Command introduced in Junos OS Release 10.1. 


Description 


Clear the media access control (MAC) learning statistics. 


Options 
• none—Clear MAC learning statistics on all interfaces.
• interface interface-name—(Optional) Clear MAC learning statistics on the specified interface.


Required Privilege Level 
view 


RELATED DOCUMENTATION 


show ethernet-switching table


List of Sample Output
clear ethernet-switching statistics mac-learning
clear ethernet-switching statistics mac-learning interface interface-name


Sample Output
clear ethernet-switching statistics mac-learning 


user@host> clear ethernet-switching statistics mac-learning 


clear ethernet-switching statistics mac-learning interface interface-name 


user@host> clear ethernet-switching statistics mac-learning interface interface-name


clear interfaces statistics swfabx


Syntax 


clear interfaces statistics <swfab0 | swfab1>


Release Information 
Command introduced in Junos OS Release 11.1. 


Description 


Clear interface statistics for the specified swfab interface. 


Required Privilege Level 
clear 


RELATED DOCUMENTATION 


show interfaces swfabx 


List of Sample Output 
clear interfaces statistics <swfab0 | swfab1>


Output Fields


When you enter this command, interface statistics for swfab0 and swfab1 are cleared.


Sample Output


clear interfaces statistics <swfab0 | swfab1>


user@host> clear interfaces statistics <swfab0 | swfab1>


clear ipv6 neighbors


Syntax 


clear ipv6 neighbors 
<all | host hostname> 


Release Information 
Command introduced in Junos OS Release 12.1X45-D10. 


Description 


Clear IPv6 neighbor cache information. 


Options 


none—Clear all IPv6 neighbor cache information. 
all—(Optional) Clear all IPv6 neighbor cache information. 


host hostname—(Optional) Clear the information for the specified IPv6 neighbors. 


Required Privilege Level 
clear 


RELATED DOCUMENTATION 


show ipv6 neighbors


List of Sample Output
clear ipv6 neighbors


Sample Output


clear ipv6 neighbors


user@host> clear ipv6 neighbors


[address illegible in source] 00:19:e2:4b:61:83 deleted
[address illegible in source] 00:19:e2:4b:61:83 deleted
[address illegible in source] 00:00:0a:00:00:00 deleted


clear lacp statistics interfaces


Syntax 


clear lacp statistics interfaces <interface-name> 


Release Information 
Command modified in Junos OS Release 10.2. 


Description 
Clear the LACP statistics. If you do not specify an interface name, LACP statistics for all interfaces are 
cleared. 


Options 


interface-name—(Optional) Name of an interface. 


Required Privilege Level 
clear 


RELATED DOCUMENTATION 


show lacp statistics interfaces (View)


Verifying LACP on Redundant Ethernet Interfaces 


Output Fields 


This command produces no output.


restart (Reset)


Syntax 


restart 

<application-identification | application-security | audit-process | commitd-service | chassis-control | class-of-service
| database-replication | datapath-trace-service | ddns | dhcp | dhcp-service | dynamic-flow-capture | disk-monitoring
| event-processing | ethernet-connectivity-fault-management | ethernet-link-fault-management
| extensible-subscriber-services | fipsd | firewall | firewall-authentication-service | general-authentication-service
| gracefully | gprs-process | idp-policy | immediately | interface-control | ipmi | ipsec-key-management | jflow-service
| jnu-management | jnx-wmicd-service | jsrp-service | kernel-replication | l2-learning | l2cpd-service | lacp | license-service
| logical-system-service | mib-process | mountd-service | named-service | network-security | network-security-trace
| nfsd-service | ntpd-service | pgm | pic-services-logging | profilerd | pki-service | remote-operations | rest-api | routing
| sampling | sampling-route-record | scc-chassisd | secure-neighbor-discovery | security-intelligence | security-log
| services | service-deployment | simple-mail-client-service | soft | snmp | static-routed | statistics-service
| subscriber-management | subscriber-management-helper | system-log-vital | tunnel-oamd | uac-service
| user-ad-authentication | vrrp | web-management>


Release Information 
Command introduced before Junos OS Release 9.2.


Description 


Restart a Junos OS process. 


CAUTION: Never restart a software process unless instructed to do so by a customer
support engineer. A restart might cause the router to drop calls and interrupt
transmission, resulting in possible loss of data.


Options 

• application-identification—(Optional) Restart the process that identifies an application using intrusion
detection and prevention (IDP) to allow or deny traffic based on applications running on standard or
nonstandard ports.

• application-security—(Optional) Restart the application security process.

• audit-process—(Optional) Restart the RADIUS accounting process that gathers statistical data that can
be used for general network monitoring, for analyzing and tracking usage patterns, and for billing a user
based upon the amount of time used or the type of services accessed.

• chassis-control—(Optional) Restart the chassis management process.

• class-of-service—(Optional) Restart the class-of-service (CoS) process, which controls the router's or
switch's CoS configuration.
• commitd-service—(Optional) Restart the committed services.

• database-replication—(Optional) Restart the database replication process.

• datapath-trace-service—(Optional) Restart the packet path tracing process.

• ddns—(Optional) Restart the dynamic domain name system, which dynamically updates IP addresses for
registered domain names.

• dhcp—(Optional) Restart the software process for a Dynamic Host Configuration Protocol (DHCP) server.
A DHCP server allocates network IP addresses and delivers configuration settings to client hosts without
user intervention.

• dhcp-service—(Optional) Restart the Dynamic Host Configuration Protocol process.

• disk-monitoring—(Optional) Restart disk monitoring, which checks the health of the hard disk drive on
the Routing Engine.

• dynamic-flow-capture—(Optional) Restart the dynamic flow capture (DFC) process, which controls DFC
configurations on PIC3 monitoring services cards.

• ethernet-connectivity-fault-management—(Optional) Restart the process that provides IEEE 802.1ag
Operation, Administration, and Maintenance (OAM) connectivity fault management (CFM) database
information for CFM maintenance association end points (MEPs) in a CFM session.

• ethernet-link-fault-management—(Optional) Restart the process that provides the OAM link fault
management (LFM) information for Ethernet interfaces.

• event-processing—(Optional) Restart the event process (eventd).

• extensible-subscriber-services—(Optional) Restart the extensible subscriber services process.

• fipsd—(Optional) Restart the fipsd services.

• firewall—(Optional) Restart the firewall management process, which manages the firewall configuration
and accepts or rejects packets that are transiting an interface on a router or switch.

• firewall-authentication-service—(Optional) Restart the firewall authentication service process.

• general-authentication-service—(Optional) Restart the general authentication process.

• gprs-process—(Optional) Restart the General Packet Radio Service (GPRS) process.

• gracefully—(Optional) Restart the software process.

• idp-policy—(Optional) Restart the intrusion detection and prevention (IDP) protocol process.

• immediately—(Optional) Immediately restart the software process.

• interface-control—(Optional) Restart the interface process, which controls the router's or switch's physical
interface devices and logical interfaces.

• ipmi—(Optional) Restart the intelligent platform management interface process.

• ipsec-key-management—(Optional) Restart the IPsec key management process.

• jflow-service—(Optional) Restart the jflow service process.

• jnu-management—(Optional) Restart the jnu management process.

• jnx-wmicd-service—(Optional) Restart the jnx wmicd service process.

• jsrp-service—(Optional) Restart the Juniper Services Redundancy Protocol (jsrdp) process, which controls
chassis clustering.

• kernel-replication—(Optional) Restart the kernel replication process, which replicates the state of the
backup Routing Engine when graceful Routing Engine switchover (GRES) is configured.

• lacp—(Optional) Restart the Link Aggregation Control Protocol (LACP) process. LACP provides a
standardized means for exchanging information between partner systems on a link. The LACP process
allows link aggregation control instances to reach agreement on the identity of the LAG to which a link
belongs, moves the link to that LAG, and enables the transmission and reception processes for the link
to function in an orderly manner.

• l2cpd-service—(SRX5400, SRX5600, and SRX5800 devices only) (Optional) Restart the Layer 2 Control
Protocol (L2CP) process, which enables features such as L2 protocol tunneling and nonstop bridging.

• l2-learning—(Optional) Restart the Layer 2 (L2) address flooding and learning process.

• license-service—(Optional) Restart the feature license management process.

• logical-system-service—(Optional) Restart the logical system service process.

• mib-process—(Optional) Restart the MIB version II process, which provides the router's MIB II agent.

• mountd-service—(Optional) Restart the service for Network File System (NFS) mount requests.

• named-service—(Optional) Restart the DNS Server process, which is used by a router or a switch to
resolve hostnames into addresses.

• network-security—(Optional) Restart the network security process.

• network-security-trace—(Optional) Restart the network security trace process.

• nfsd-service—(Optional) Restart the remote NFS server process, which provides remote file access for
applications that need NFS-based transport.

• ntpd-service—(Optional) Restart the Network Time Protocol (NTP) process.

• pgm—(Optional) Restart the process that implements the Pragmatic General Multicast (PGM) protocol
for assisting in the reliable delivery of multicast packets.

• pic-services-logging—(Optional) Restart the logging process for some PICs. With this process, also known
as fsad (the file system access daemon), PICs send special logging information to the Routing Engine for
archiving on the hard disk.

• pki-service—(Optional) Restart the public key infrastructure (PKI) service process.

• profilerd—(Optional) Restart the profiler process.

• remote-operations—(Optional) Restart the remote operations process, which provides the ping and
traceroute MIBs.
• rest-api—(Optional) Restart the REST API process.

• routing—(Optional) Restart the routing protocol process (rpd).

• sampling—(Optional) Restart the sampling process, which performs packet sampling based on particular
input interfaces and various fields in the packet header.

• sampling-route-record—(Optional) Restart the sampling route record process.

• scc-chassisd—(Optional) Restart the scc chassisd process.

• secure-neighbor-discovery—(Optional) Restart the secure Neighbor Discovery Protocol (NDP) process,
which provides support for protecting NDP messages.

• security-intelligence—(Optional) Restart the security intelligence process.

• security-log—(Optional) Restart the security log process.

• service-deployment—(Optional) Restart the service deployment process, which enables Junos OS to
work with the Session and Resource Control (SRC) software.

• services—(Optional) Restart a service.

• simple-mail-client-service—(Optional) Restart the simple mail client service process.

• snmp—(Optional) Restart the SNMP process, which enables the monitoring of network devices from a
central location and provides the router's or switch's SNMP master agent.

• static-routed—(Optional) Restart the static routed process.

• soft—(Optional) Reread and reactivate the configuration without completely restarting the software
processes. For example, BGP peers stay up and the routing table stays constant. Omitting this option
results in a graceful restart of the software process.

• statistics-service—(Optional) Restart the process that manages the Packet Forwarding Engine statistics.

• subscriber-management—(Optional) Restart the subscriber management process.

• subscriber-management-helper—(Optional) Restart the subscriber management helper process.

• system-log-vital—(Optional) Restart the system log vital process.

• tunnel-oamd—(Optional) Restart the tunnel OAM process for L2 tunneled networks.

• uac-service—(Optional) Restart the Unified Access Control (UAC) process.

• user-ad-authentication—(Optional) Restart the user AD authentication process.

• vrrp—(Optional) Restart the Virtual Router Redundancy Protocol (VRRP) process, which enables hosts
on a LAN to make use of redundant routing platforms on that LAN without requiring more than the
static configuration of a single default route on the hosts.

• web-management—(Optional) Restart the Web management process.


Required Privilege Level 
reset 
RELATED DOCUMENTATION


Restart Commands Overview 


List of Sample Output 
restart interfaces on page 754 


Output Fields 
When you enter this command, you are provided feedback on the status of your request. 


Sample Output 


restart interfaces 


user@host> restart interfaces

interfaces process terminated
interfaces process restarted
| request modem wireless create-profile


Syntax 


request modem wireless create-profile interface-name access-point-name access-point-name authentication-method 
authentication-method profile-id profile-id sip-password sip-password sip-user-id sip-id slot sim-slot-number 


Release Information 
Command introduced in Junos OS 9.5. The slot sim-slot-number option is introduced in Junos OS 
15.1X49-D100. 


Description 

Create a profile. The Subscriber Identity Module (SIM) uses a profile to establish a connection with the 
network. You can configure up to 16 profiles for each SIM card. The LTE Mini-PIM supports two SIM cards 
and so you can configure a total of 32 profiles, although only one profile can be active at a time. 


To create a profile, you must obtain the following information from the service provider: 


• Username and password

• Access point name (APN)

• Authentication (Challenge Handshake Authentication Protocol (CHAP) or Password Authentication
Protocol (PAP))


Options 
• interface-name—The LTE interface is cl-x/0/0, where x is the slot number in which the LTE Mini-PIM is
installed.

• access-point-name access-point-name—Access point name (APN). Obtain the APN from the service
provider. You can specify only a single APN in a profile.

• authentication-method—The authentication protocol that the SIM card uses to authenticate with the
wireless network. Obtain the authentication information from the service provider. The authentication
protocol used by the SIM card must match the protocol used by the service provider. The
authentication-method can be one of the following:

  ◦ CHAP
  ◦ PAP
  ◦ None

• profile-id profile-id—Profile identification number for the profile. The default value is 1. The range of
possible values is from 1 through 16.

• sip-password sip-password—Simple IP password. Obtain the password from the service provider.

• sip-user-id sip-id—Simple IP user identification. Obtain the username from the service provider.

• slot sim-slot-number—The slot in which the SIM card is inserted. The value can be either 1 or 2.


Required Privilege Level 
maintenance 


RELATED DOCUMENTATION 


show modem wireless profiles | 976 


List of Sample Output 
request modem wireless create-profile on page 756 


Sample Output 


request modem wireless create-profile 


user@host> request modem wireless create-profile cl-1/0/0 access-point-name apn authentication-method pap profile-id 2 sip-password 123 sip-user-id userid slot 1

Issued create profile request successfully.
Please use 'show modem wireless profiles' to check profile status
| request modem wireless fota


Syntax 


request modem wireless fota interface-name (enable | disable) 


Release Information 
Command introduced in Junos OS 15.1X49-D100. 


Description 

Enable or disable over-the-air (OTA) firmware upgrade for the modem on the LTE Mini-PIM. OTA firmware 
upgrade enables automatic and timely upgrade of modem firmware when new firmware versions are 
available. The OTA upgrade can be enabled or disabled on the LTE Mini-PIM. OTA is disabled by default. 


Required Privilege Level 
maintenance 


RELATED DOCUMENTATION 


show modem wireless firmware | 970 


List of Sample Output 
request modem wireless fota (enable) on page 757 
request modem wireless fota (disable) on page 757 


| Sample Output 


request modem wireless fota (enable) 


user@host> request modem wireless fota cl-1/0/0 enable 


Set FOTA on modem succeeded 


request modem wireless fota (disable) 


user@host> request modem wireless fota cl-1/0/0 disable 


Set FOTA on modem succeeded 
| request modem wireless sim-lock


Syntax 


request modem wireless sim-lock enable interface-name pin pin 


Release Information 
Command introduced in Junos OS Release 9.5. 


Description 

Lock the Subscriber Identity Module (SIM) on the Mini-PIM. The SIM lock does not take effect until the 
next reboot of the services gateway. You can verify the locked mode using the show modem wireless 
firmware command. 


NOTE: If there are two SIMs installed on the LTE Mini-PIM, then only the active SIM is locked. 
After the SIM is locked, it cannot connect to the network. The SIM must be unlocked before it 
is used to connect to the network. 


Options 
• interface-name—The LTE Mini-PIM is denoted as cl-x/0/0, where x is the slot number in which the LTE
Mini-PIM is installed.

• pin pin—Four-digit personal identification number (PIN). Obtain the PIN from the service provider.

NOTE: If the PIN is entered incorrectly three consecutive times, the SIM card is blocked.
Obtain a PIN unblocking key (PUK) from the service provider.


Required Privilege Level 
maintenance 


RELATED DOCUMENTATION 


request modem wireless sim-unlock | 760 


List of Sample Output 
request modem wireless sim-lock on page 759 
Sample Output
request modem wireless sim-lock 


user@host> request modem wireless sim-lock enable cl-1/0/0 pin 4321 


Issued SIM 2 lock state request successfully. 


Please use 'show modem wireless firmware' to check SIM status 
| request modem wireless sim-unlock


Syntax 


request modem wireless sim-unlock interface-name pin unlock-code 


Release Information 
Command introduced in Junos OS Release 9.5. 


Description 

Unlock the Subscriber Identity Module (SIM) on the LTE Mini-PIM. Some service providers lock the SIM
to prevent unauthorized access to the service provider's network. If this is the case, you will need to unlock
the SIM by using a personal identification number (PIN), which is provided by the service provider. You
can verify the unlocked mode using the show modem wireless firmware command.


NOTE: If there are two SIM cards installed on the Mini-PIM, then only the active SIM card is 
unlocked. 


The SIM must be unlocked before it can be used to connect to the service provider’s network. 


Options 
• interface-name—The LTE interface is denoted as cl-x/0/0, where x is the slot number in which the LTE
Mini-PIM is installed.

• pin unlock-code—Four-digit personal identification number (PIN). Obtain the PIN from the service provider.

NOTE: If the PIN is entered incorrectly three consecutive times, the SIM card is blocked.
Obtain a PIN unblocking key (PUK) from the service provider.


Required Privilege Level 
maintenance 


RELATED DOCUMENTATION 


request modem wireless sim-lock | 758 


List of Sample Output 
request modem wireless sim-unlock on page 761 
Sample Output
request modem wireless sim-unlock 


user@host> request modem wireless sim-unlock cl-1/0/0 pin 1234 


Issued SIM 2 unlock request successfully. 


Please use 'show modem wireless firmware' to check SIM status 
| show chassis fpc (View)


Syntax 


show chassis fpc 

<detail < fpc-slot >| <node ( node-id | local | primary)>> | 
<node ( node-id | local | primary)> | 

<pic-status < fpc-slot >| <node ( node-id | local | primary)>> 


Release Information 

Command modified in Junos OS Release 9.2. 

Starting with Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1, the SRX5K-MPC3-100G10G
(IOC3) and the SRX5K-MPC3-40G10G (IOC3) are introduced.


NOTE: On SRX5K-MPC3-40G10G (IOC3), all four PICs cannot be powered on. A maximum of
two PICs can be powered on at the same time. By default, PIC0 and PIC1 are online.


Use the set chassis fpc <slot> pic <pic> power off command to choose the PICs you want to power on.
When you use the set chassis fpc <slot> pic <pic> power off command to power off PIC0 and PIC1, PIC2
and PIC3 are automatically turned on.

When you switch from one set of PICs to another set of PICs using the set chassis fpc <slot> pic <pic>
power off command again, ensure that there is a 60-second interval between the two actions; otherwise,
core files are seen during the configuration.

Table 45 on page 762 summarizes the SRX5K-MPC3-40G10G (IOC3) PICs selected for various
configuration scenarios.


Table 45: SRX5K-MPC3-40G10G (IOC3) PIC Selection Summary

CLI Configuration | PIC Selection
Default (i.e. no CLI configuration) | Online: PIC-0, PIC-1; Offline: PIC-2, PIC-3
PIC-1, PIC-2 and PIC-3 powered OFF | Online: PIC-0; Offline: PIC-1, PIC-2, PIC-3
PIC-0, PIC-2 and PIC-3 powered OFF | Online: PIC-1; Offline: PIC-0, PIC-2, PIC-3
PIC-0, PIC-1 and PIC-3 powered OFF | Online: PIC-2; Offline: PIC-0, PIC-1, PIC-3
PIC-0, PIC-1 and PIC-2 powered OFF | Online: PIC-3; Offline: PIC-0, PIC-1, PIC-2
PIC-2 and PIC-3 powered OFF | Online: PIC-0, PIC-1; Offline: PIC-2, PIC-3
PIC-2 and PIC-3 powered OFF | Online: PIC-0, PIC-1; Offline: PIC-2, PIC-3
PIC-1 and PIC-2 powered OFF | Online: PIC-0, PIC-3; Offline: PIC-1, PIC-2
PIC-0 and PIC-3 powered OFF | Online: PIC-2, PIC-1; Offline: PIC-0, PIC-3
PIC-0 and PIC-1 powered OFF | Online: PIC-2, PIC-3; Offline: PIC-0, PIC-1
All other combinations of PICs being powered OFF (Invalid) | Online: PIC-0, PIC-1; Offline: PIC-2, PIC-3. Default PICs will be selected for the invalid combinations. Also, a system log message will be displayed to indicate the invalid combination PIC selection.


Description


Display status information about the installed Flexible PIC Concentrators (FPCs) and PICs.


Options

• none—Display status information for all FPCs.

• detail—(Optional) Display detailed FPC status information.

• fpc-slot—(Optional) Display information about the FPC in this slot.

• node—(Optional) For chassis cluster configurations, display status information for all FPCs or for the
specified FPC on a specific node (device) in the cluster.

  ◦ node-id—Identification number of the node. It can be 0 or 1.
  ◦ local—Display information about the local node.
  ◦ primary—Display information about the primary node.

• pic-status—(Optional) Display status information for all FPCs or for the FPC in the specified slot (see
fpc-slot).


Required Privilege Level 
view 


RELATED DOCUMENTATION 


Understanding Interfaces | 29 


List of Sample Output 

show chassis fpc on page 766 

show chassis fpc (SRX5600 and SRX5800 devices) on page 766 

show chassis fpc (SRX5400, SRX5600, and SRX5800 devices with SRX5K-MPC3-100G10G (IOC3) or 
SRX5K-MPC3-40G10G (IOC3) on page 766 

show chassis fpc detail 2 on page 767 

show chassis fpc pic-status (SRX5600 and SRX5800 devices) on page 767 

show chassis fpc pic-status (SRX5600 and SRX5800 devices with SPC2) on page 768 

show chassis fpc pic-status (SRX5600 and SRX5800 devices with SRX5K-MPC) on page 768 

show chassis fpc pic-status (SRX5600 and SRX5800 devices when Express Path [formerly known as 
services offloading] is configured) on page 769 

show chassis fpc pic-status (with 20-Gigabit Ethernet MIC with SFP) on page 769 

show chassis fpc pic-status (SRX5400, SRX5600, and SRX5800 devices with SRX5K-MPC3-100G10G
(IOC3) or SRX5K-MPC3-40G10G (IOC3 and when Express Path [formerly known as services offloading]
is configured) on page 770

show chassis fpc pic-status for HA (SRX5600 and SRX5800 devices) on page 771 

show chassis fpc pic-status for HA (SRX5400, SRX5600, and SRX5800 devices with
SRX5K-MPC3-100G10G (IOC3) or SRX5K-MPC3-40G10G (IOC3) on page 771


Output Fields 
Table 46 on page 765 lists the output fields for the show chassis fpc command. Output fields are listed in 
the approximate order in which they appear. 


Table 46: show chassis fpc Output Fields

Field Name | Field Description

Slot or Slot State | Slot number and state. The state can be one of the following conditions:

  • Dead—Held in reset because of errors.
  • Diag—Slot is being ignored while the device is running diagnostics.
  • Dormant—Held in reset.
  • Empty—No FPC is present.
  • Online—FPC is online and running.
  • Present—FPC is detected by the device, but is either not supported by the
    current version of Junos OS or inserted in the wrong slot. The output also states
    either Hardware Not Supported or Hardware Not In Right Slot. FPC is coming
    up but not yet online.
  • Probed—Probe is complete; awaiting restart of the Packet Forwarding Engine
    (PFE).
  • Probe-wait—Waiting to be probed.

Temp (C) or Temperature | Temperature of the air passing by the FPC, in degrees Celsius or in both Celsius
and Fahrenheit.

Total CPU Utilization (%) | Total percentage of CPU being used by the FPC's processor.

Interrupt CPU Utilization (%) | Of the total CPU being used by the FPC's processor, the percentage being used
for interrupts.

Memory DRAM (MB) | Total DRAM, in megabytes, available to the FPC's processor.

Heap Utilization (%) | Percentage of heap space (dynamic memory) being used by the FPC's processor.
If this number exceeds 80 percent, there may be a software problem (memory leak).

Buffer Utilization (%) | Percentage of buffer space being used by the FPC's processor for buffering internal
messages.

Start Time | Time when the Routing Engine detected that the FPC was running.

Uptime | How long the Routing Engine has been connected to the FPC and, therefore, how
long the FPC has been up and running.

PIC type | (pic-status output only) Type of FPC.
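The slot states and the 80 percent heap threshold described in Table 46 can be checked automatically when monitoring a device. The following parser is an added example and is not part of the Juniper documentation; the sample text is constructed, and the placement of the Present reason text on the slot row is an assumption. It accepts both the 6-column layout and the 9-column layout that adds 1min/5min/15min CPU averages.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Slot states listed in the Output Fields table for show chassis fpc.
KNOWN_STATES = {"Dead", "Diag", "Dormant", "Empty", "Online",
                "Present", "Probed", "Probe-wait"}
HEAP_WARN_PCT = 80  # the table flags heap use above 80 percent as a possible leak

# Constructed sample in the 6-column layout; not captured from a device.
SAMPLE = """\
user@host> show chassis fpc
                     Temp  CPU Utilization (%)   Memory    Utilization (%)
Slot State            (C)  Total  Interrupt      DRAM (MB) Heap     Buffer
  0  Empty
  1  Present          Hardware Not Supported
  3  Online            37      3          0       1024        7         42
  6  Online            30      8          0       1024       86         30
  7  Dead
"""


@dataclass
class FpcRow:
    slot: int
    state: str
    temp_c: Optional[int] = None
    cpu_total: Optional[int] = None
    cpu_interrupt: Optional[int] = None
    dram_mb: Optional[int] = None
    heap_pct: Optional[int] = None
    buffer_pct: Optional[int] = None
    note: str = ""  # free text on the row, e.g. the reason shown for Present


# A data row starts with the slot number followed by the state keyword.
ROW_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s*(.*)$")


def parse_show_chassis_fpc(text: str) -> List[FpcRow]:
    """Parse the slot rows; header, prompt and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m or m.group(2) not in KNOWN_STATES:
            continue
        row = FpcRow(slot=int(m.group(1)), state=m.group(2))
        cols = m.group(3).split()
        if len(cols) in (6, 9) and all(c.isdigit() for c in cols):
            nums = [int(c) for c in cols]
            row.temp_c, row.cpu_total, row.cpu_interrupt = nums[:3]
            # In the 9-column layout the three load averages sit in between.
            row.dram_mb, row.heap_pct, row.buffer_pct = nums[-3:]
        else:
            row.note = " ".join(cols)
        rows.append(row)
    return rows


def health_findings(rows: List[FpcRow]) -> List[Tuple[int, str]]:
    """Return (slot, reason) for slots that are not healthy per Table 46."""
    out = []
    for r in rows:
        if r.state not in ("Online", "Empty"):
            reason = f"state {r.state}"
            if r.note:
                reason += f" ({r.note})"
            out.append((r.slot, reason))
        if r.heap_pct is not None and r.heap_pct > HEAP_WARN_PCT:
            out.append((r.slot, f"heap {r.heap_pct}% exceeds {HEAP_WARN_PCT}%"))
    return out


if __name__ == "__main__":
    for slot, reason in health_findings(parse_show_chassis_fpc(SAMPLE)):
        print(f"slot {slot}: {reason}")
```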
| Sample Output


show chassis fpc 


user@host> show chassis fpc

                     Temp  CPU Utilization (%)   Memory    Utilization (%)
Slot State            (C)  Total  Interrupt      DRAM (MB) Heap     Buffer
  0  Online           CPU less FPC
  1  Online           Not Usable
  2  Online           CPU less FPC

show chassis fpc (SRX5600 and SRX5800 devices) 


user@host> show chassis fpc

                     Temp  CPU Utilization (%)   Memory    Utilization (%)
Slot State            (C)  Total  Interrupt      DRAM (MB) Heap     Buffer
  0  Empty
  1  Empty
  2  Empty
  3  Online            37      3          0       1024        7         42
  4  Empty
  5  Empty
  6  Online            30      8          0       1024       23         30
  7  Empty
  8  Empty
  9  Empty
 10  Empty
 11  Empty

show chassis fpc 
(SRX5400, SRX5600, and SRX5800 devices with SRX5K-MPC3-100G10G (IOC3) or SRX5K-MPC3-40G10G
(IOC3)


user@host> show chassis fpc 


Temp CPU Utilization (%) CPU Utilization (%) Memory 


° 


(UiealIalyereatoiq ((%)) 


Slot State (C) Total Interrupt lmin 5min 15min DRAM (MB) 


Heap Buffer 
0 Online 36 20 0 20 i) A) 1024 


1 Online 


2 Online 


| Sample Output 


show chassis fpc detail 2 


35) 


40 


2 
all 


user@host> show chassis fpc detail 2 


Slot 2 information: 


State 


Total 
Total 





Wore aul 
Start 


Temperature 


CPU DRAM 


RLDRAM 


DDR DRAM 


time: 


Uptime: 


Max Power Consumption 


| Sample Output 


Online 


SY 


1024 MB 
O MB 
O MB 
AOLAO Yili) 7g ilisis S@) IiD)E 


4 days, 


O Watts 


26 
8 

14 
20 

13 


2d Veena sss 


show chassis fpc pic-status (SRX5600 and SRX5800 devices) 


user@host> show chassis fpc pic-status 


Sikotems 
PIC 0) 
ee, Al 
Slot 6 
Ea 
PLC 
PLC 
PLC 





ie) hoy TSS) 


Online 
Online 
Online 
Online 
Online 
Online 


Online 





Online 


SRS kSee 

SIP Cio) 

SPU Flow 

SRX5k DPC 4x 10GE 
1x 10GE (LAN/WAN) 
1x 10GE (LAN/WAN) 
1x 10GE (LAN/WAN) 
1x 10GE (LAN/WAN) 























RichQ 
RichQ 
RichQ 
RichQ 


8 8 


20 20 


51 minutes, 


2048 


3584 


59 seconds 
show chassis fpc pic-status (SRX5600 and SRX5800 devices with SPC2)


user@host> show chassis fpc pic-status 


Silo 0 
Pane 
21 
PLC 
2LC 
Sioiem. 
PLC 
2 
2 ILC 
PLC 
Sito tem 
ee 0) 
ee Al 
PIU 2 
PIC 3 
Slee 5 
PIC (0) 
21, Al 


Gey LS) tS) 


(Sey Sy [tS 





Online 


Online 


Online 


Online 


Online 


Online 


Online 


Online 


Online 


Online 


Online 


Online 


Online 


Online 


Online 


Online 


Online 





Online 


SRX5k 


DPC 40x 1GI 


10x 1GE RichoO 
10x 1GE RichQ 
10x 1GE RichO 
10x 1GE RichQ 


SRX5k 





SEI ILI 


SEU Go 
SPU Flow 


SPU Flow 


SPU Flow 


SPE 1 


SPU Flow 


SPU Flow 


SPU Flow 


SPU Flow 


SRX5k 


SEC 


SPU Flow 











SPU Flow 





Ey 


show chassis fpc pic-status (SRX5600 and SRX5800 devices with SRX5K-MPC) 


user@host> show chassis fpc pic-status 


Silot 0 
PLC 
eC 
eC 
PLC 
Sioa 
Pale 
PLC 
PLC 
PLC 
Soca 
Pane 
eC 
eC 
PLC 
Slot 6 


(oy fey [eS XS) 


CO eS) 





Sey Sy [= fS) 


Online 


Online 


Online 


Online 


On] 
On] 
On] 
On] 
On] 
On] 
On] 
On] 
On] 
On] 
On] 


Offline 


line 
line 
line 
line 
line 
line 
line 
line 
line 


line 





line 




















SMS SC ILI 

SEU CTO 

SPU Flow 

SPU Flow 

SPU Flow 

SES SiC ILI 

SPU Flow 

SPU Flow 

SPU Flow 

SPU Flow 

SRX5k DPC 4X 10G 
1x 10GE (LAN/WAN) 
1x 10GE (LAN/WAN) 
1x 10GE (LAN/WAN) 
1x 10GE (LAN/WAN) 


SRX5k 











SPC 11 





Ey 


RichQ 
RichQ 
RichQ 
RichQ 
Silo §) Online SUSIE SIC. II
PIC 0 Online SPU Flow 
Pe i COibationss SPU Flow 
PIC 2 Online SPU Flow 
PIC 3 Online SPU Flow 
Slot 10 Online SRX5k IOC II 
PIC 0 Online 10x 10GE SFP+ 
PIC 2 Online 1x 100GE CFP 
Silo Li Wymibsings SRC LOC 11 
PIC 0 Online 1x 100GE CFP 
PIC 2 Online 2x 40GE QSFP+ 








show chassis fpc pic-status (SRX5600 and SRX5800 devices when Express Path [formerly known as 
services offloading] is configured) 


user@host> show chassis fpc pic-status

Slot 0   Offline      SRX5k DPC 40x 1GE
Slot 1   Online       SRX5k SPC II
  PIC 0  Online       SPU Cp
  PIC 1  Online       SPU Flow
  PIC 2  Online       SPU Flow
  PIC 3  Online       SPU Flow
Slot 2   Offline      SRX5k SPC
Slot 4   Online       SRX5k IOC3 24XGE+6XLG
  PIC 2  Online       3x 40GE QSFP+- np-cache/services-offload
  PIC 3  Online       3x 40GE QSFP+- np-cache/services-offload
Slot 5   Online       SRX5k IOC II
  PIC 0  Online       10x 1GE(LAN) SFP- np-cache/services-offload
  PIC 1  Online       10x 1GE(LAN) SFP- np-cache/services-offload
  PIC 2  Online       10x 10GE SFP+- np-cache/services-offload


show chassis fpc pic-status (with 20-Gigabit Ethernet MIC with SFP) 


user@host> show chassis fpc pic-status 





nodeO0: 
Sileit O Online SRX5k SPC II 
PA Ca OMe © Teenie SPU Ep 


BUC i Ojmllaime SPU Flow 


Puc 2 
PAK Ss} 
Sakoiems 
Silo 2 
PIE ©) 
Pie AL 
PIC 2 
rate 3) 
Slot 9 
PIC 0 
PIC 1 
PIC 2 
PIC 3 
Sil@ie LO 
rae 10) 
PAC 2 
Sloe il 


show chassis fpc pic-status 


Online 
Online 
Offline 
Online 
Online 
Online 


Online 





Online 
Online 
Online 
Online 
Online 
Online 
Online 
Online 
Online 


Offline 


SPU Flow 

SPU Flow 

SOS SC IIE 
SRX5k DPC 4X 10G 





(Ee 3) 














1x 10GE (LAN/WAN) 
1x 10GE (LAN/WAN) 
1x 10OGE (LAN/WAN) 
1x 10GE (LAN/WAN) 








SRX5k IOC II 

10x 1GE(LAN) SFP 
10x 1GE(LAN) SFP 
10x 1GE(LAN) SFP 
10x 1GE(LAN) SFP 
SRM UOC 11 

10x I10GE SEP+ 

1x 100GE CEP 
Soe IOC II 


r 





ee 


RichQ 
RichQ 
RichQ 
RichQ 


(SRX5400, SRX5600, and SRX5800 devices with SRX5K-MPC3-100G10G (IOC3) or SRX5K-MPC3-40G10G
(IOC3 and when Express Path [formerly known as services offloading] is configured)


user@host> show chassis fpc pic-status 


Slot 0 
Selkoical 
PIC 
PIEC 
PIC 
PAC 
Silo 2 
Slot 4 
PIE 2 
PIL, 3 
Slee 5 
PIC (0) 
Pe Al 
PIU 2 


CO eS) 





Offline 
Online 
Online 
Online 
Online 
Online 
Offline 
Online 
Online 
Online 
Online 
Online 


Online 





Online 





td 


SRX5k DPC 40x 1G 
SEV SIC II 
SEUBCp 

SPU Flow 

SPU Flow 

SPU Flow 

SRX5k SPC 

SRX5k I0C3 24XGE+ 





= 


6XLG 





3x 40GE QSFP+- np-cache/s 


rvices—offload 








3x 40G 
SROKEe INO IIL 


es 


QSFP+- np-cache/s 


rvices—offload 





10x 1G! AN) SEP 


=I 





np-cach 


/services-offload 











10x 1G! AN) SEP 


| 





np-cach 


/services-—offload 








10x 10GE SFP+- np-cache/s 


rvices—offload 
| Sample Output


show chassis fpc pic-status for HA (SRX5600 and SRX5800 devices) 


user@host> show chassis fpc pic-status

node0:
Slot 4   Online       SRX5k DPC 40x 1GE
  PIC 0  Online       10x 1GE RichQ
  PIC 1  Online       10x 1GE RichQ
  PIC 2  Online       10x 1GE RichQ
  PIC 3  Online       10x 1GE RichQ
Slot 5   Online       SRX5k SPC
  PIC 0  Online       SPU Cp-Flow
  PIC 1  Online       SPU Flow

node1:
Slot 4   Online       SRX5k DPC 40x 1GE
  PIC 0  Online       10x 1GE RichQ
  PIC 1  Online       10x 1GE RichQ
  PIC 2  Online       10x 1GE RichQ
  PIC 3  Online       10x 1GE RichQ
Slot 5   Online       SRX5k SPC
  PIC 0  Online       SPU Cp-Flow
  PIC 1  Online       SPU Flow



show chassis fpc pic-status for HA
(SRX5400, SRX5600, and SRX5800 devices with SRX5K-MPC3-100G10G (IOC3) or SRX5K-MPC3-40G10G
(IOC3)


user@host> show chassis fpc pic-status


nodeO: 





Siloc 2 Online 
PIC 0 Online 
PIC 1 Online 
PIC 2 Ope lalinS 
PIC 3 Ossie laliong 
Slot 4 Online 
PIC 2 Online 
Silko temo Online 





SRX5k IOC3 24XGE+6XLG 
12x HO0GH SHEP 
Ase ANKE, TSiN2er 
3x 40GE QOSFP+ 
3x 40GE OSFP+ 
Seoce IOC II 
10x 10GE SEP+ 
SRC SPC WI 





r 
PIC 0 Online SEUMCD
1-2 Oo a ©} ol si aX SPU Flow 
RIEC 2 Oieie Mains 

PIC 3 Offline 

me clone: 

Sloe 2 Online SRX5k IOC3 24XGE+6XLG 
PIC 0 Online 12x 10GH SEP+ 
Pe i COimtlains 12x W0GH SHEP+ 
PIG 2 One I alieys) 3x 40GE QSFP+ 
PIG 8) tne isha 3x 40GE QOSFP+ 

Slot 4 Online SVC ILO ILI 
PIC 2 Online 10x HOGH SHP+ 

Sloe 8 Online SvVSrs SPC Wie 
PIC 0 Online SEWED 
Pil Orlane SPU Flow 
PWC, 2 Opeitllaliove 
PIC 3 Oneiellalione 







| show chassis hardware (View) 


Syntax 


show chassis hardware 
<clei-models | detail | extensive | models | node ( node-id | all | local | primary)> 


Release Information 
Command introduced in Junos OS Release 9.2. Command modified in Junos OS Release 9.2 to include 
node option. 


Description 


Display chassis hardware information. 


Options 
• clei-models—(Optional) Display Common Language Equipment Identifier Code (CLEI) barcode and model
number for orderable field-replaceable units (FRUs).

• detail | extensive—(Optional) Display the specified level of output.

• models—(Optional) Display model numbers and part numbers for orderable FRUs.

• node—(Optional) For chassis cluster configurations, display chassis hardware information on a specific
node (device) in the cluster.

  ◦ node-id—Identification number of the node. It can be 0 or 1.
  ◦ local—Display information about the local node.
  ◦ primary—Display information about the primary node.


Required Privilege Level 
view 


RELATED DOCUMENTATION 


Understanding Traffic Processing on Security Devices 


Interface Naming Conventions | 35 


Output Fields 


Table 47 on page 774 lists the output fields for the show chassis hardware command. Output fields are 
listed in the approximate order in which they appear. 
Table 47: show chassis hardware Output Fields

Field Name: Field Description

Item: Chassis component—Information about the backplane; power supplies; fan trays; Routing Engine; each Physical Interface Module (PIM)—reported as FPC and PIC—and each fan, blower, and impeller.

Version: Revision level of the chassis component.

Part Number: Part number for the chassis component.

Serial Number: Serial number of the chassis component. The serial number of the backplane is also the serial number of the device chassis. Use this serial number when you need to contact Juniper Networks Customer Support about the device chassis.

Assb ID or Assembly ID: Identification number that describes the FRU hardware.

FRU model number: Model number of FRU hardware component.

CLEI code: Common Language Equipment Identifier code. This value is displayed only for hardware components that use ID EEPROM format v2. This value is not displayed for components that use ID EEPROM format v1.

EEPROM Version: ID EEPROM version used by hardware component: 0x01 (version 1) or 0x02 (version 2).

Description: Brief description of the hardware item:


• Type of power supply.
• Switch Control Board (SCB)

Starting with Junos OS Release 12.1X47-D15 and Junos OS Release 17.3R1, the SRX5K-SCBE (SCB2) is introduced.

There are three SCB slots in SRX5800 devices. The third slot can be used for an SCB or an FPC. When an SRX5K-SCB was used, the third SCB slot was used as an FPC. SCB redundancy is provided in chassis cluster mode.

With an SCB2, a third SCB is supported. If a third SCB is plugged in, it provides intra-chassis fabric redundancy.

The Ethernet switch in the SCB2 provides the Ethernet connectivity among all the FPCs and the Routing Engine. The Routing Engine uses this connectivity to distribute forwarding and routing tables to the FPCs. The FPCs use this connectivity to send exception packets to the Routing Engine.

Fabric connects all FPCs in the data plane. The Fabric Manager executes on the Routing Engine and controls the fabric system in the chassis. Packet Forwarding Engines on the FPC and fabric planes on the SCB are connected through HSL2 channels.

SCB2 supports HSL2 with both 3.11 Gbps and 6.22 Gbps (SerDes) link speed and various HSL2 modes. When an FPC is brought online, the link speed and HSL2 mode are determined by the type of FPC.

Starting with Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1, the SRX5K-SCB3 (SCB3) with enhanced midplane is introduced.

All existing SCB software that is supported by SCB2 is supported on SCB3.

SRX5K-RE-1800X4 mixed Routing Engine use is not supported.

SCB3 works with the SRX5K-MPC (IOC2), SRX5K-MPC3-100G10G (IOC3), SRX5K-MPC3-40G10G (IOC3), and SRX5K-SPC-4-15-320 (SPC2) with current midplanes and the new enhanced midplanes.

Mixed SCB use is not supported. If an SCB2 and an SCB3 are used, the system will only power on the master Routing Engine's SCB and will power off the other SCBs. Only the SCB in slot 0 is powered on and a system log is generated.

SCB3 supports up to 400 Gbps per slot with old midplanes and up to 500 Gbps per slot with new midplanes.

SCB3 supports fabric intra-chassis redundancy.

SCB3 supports the same chassis cluster function as the SRX5K-SCB (SCB1) and the SRX5K-SCBE (SCB2), except for in-service software upgrade (ISSU) and in-service hardware upgrade (ISHU).

• SCB3 has a second external Ethernet port.
• Fabric bandwidth increasing mode is not supported.

Starting in Junos OS 19.3R1, SRX5K-SCB4 is supported on SRX5600 and SRX5800 devices along with SRX5K-SPC3.

SRX5K-SCB4:

• Interoperates with SRX5K-RE3-128G, SRX5K-RE-1800X4, IOC2, IOC3, IOC4, SPC2, and SPC3. SCB4 is compatible with all midplanes and interoperates with existing PEMs, fan trays, and front panel displays.
• Does not interoperate with SCB, SCB2, and SCB3.
• Supports 480-Gbps link speed per slot.
• Supports 1-Gigabit Ethernet interface speed with SRX5K-RE-1800X4 and 1-Gigabit, 2.5-Gigabit, and 10-Gigabit Ethernet speeds with SRX5K-RE3-128G.
• Supports ISHU and ISSU in chassis cluster.
• Supports fabric bandwidth mode and redundant fabric mode on SRX5600 and SRX5800 devices. The bandwidth mode is the new default mode which is necessary to configure redundant mode in setting up the chassis cluster successfully.
• Type of Flexible PIC Concentrator (FPC), Physical Interface Card (PIC), Modular Interface Cards (MICs), and PIMs.
• IOCs

Starting with Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1, the SRX5K-MPC3-100G10G (IOC3) and the SRX5K-MPC3-40G10G (IOC3) are introduced.

• IOC3 has two types of IOC3 MPCs, which have different built-in MICs: the 24x10GE + 6x40GE MPC and the 2x100GE + 4x10GE MPC.
• IOC3 supports SCB3 and SRX5000 line backplane and enhanced backplane.
• IOC3 can only work with SRX5000 line SCB2 and SCB3. If an SRX5000 line SCB is detected, IOC3 is offline, an FPC misconfiguration alarm is raised, and a system log message is generated.
• IOC3 interoperates with SCB2 and SCB3.
• IOC3 interoperates with the SRX5K-SPC-4-15-320 (SPC2) and the SRX5K-MPC (IOC2).
• The maximum power consumption for one IOC3 is 645W. An enhanced power module must be used.
• The IOC3 does not support the following command to set a PIC to go offline or online:
  request chassis pic fpc-slot <fpc-slot> pic-slot <pic-slot> <offline | online>
• IOC3 supports 240 Gbps of throughput with the enhanced SRX5000 line backplane.
• Chassis cluster functions the same as for the SRX5000 line IOC2.
• IOC3 supports intra-chassis and inter-chassis fabric redundancy mode.
• IOC3 supports ISSU and ISHU in chassis cluster mode.
• IOC3 supports intra-FPC and inter-FPC Express Path (previously known as services offloading) with IPv4.
• NAT of IPv4 and IPv6 in normal mode and IPv4 for Express Path mode.
• All four PICs on the 24x10GE + 6x40GE cannot be powered on. A maximum of two PICs can be powered on at the same time.
  Use the set chassis fpc <slot> pic <pic> power off command to choose the PICs you want to power on.
  Fabric bandwidth increasing mode is not supported on IOC3.

• SRX Clustering Module (SCM)
• Fan tray

Starting in Junos OS Release 19.3R1, the SRX5K-IOC4-10G and SRX5K-IOC4-MRAT line cards are supported along with SRX5K-SPC3 on the SRX5000 series devices.
SRX5K-IOC4-10G:

• Interoperates with SCB3, SCB4, SRX5K-RE-1800X4, SRX5K-RE3-128G, SPC2, SPC3, IOC2, IOC3, and IOC4.
• Supports 480-Gbps speed.
• Supports 40X10GE Interfaces with SCB3.
• 40 10-Gigabit Ethernet port provides 10-Gigabit Ethernet MACsec support.
• Supports reth and aggregated interfaces on the chassis cluster.
• Supports ISSU and logical system on the chassis cluster.
• Does not support SCB2.
• SRX5K-IOC4-MRAT with SCB3 supports 10-Gigabit, 40-Gigabit, and 100-Gigabit Ethernet Interfaces.
• For hosts, the Routing Engine type.

Starting with Junos OS Release 12.1X47-D15 and Junos OS Release 17.3R1, the SRX5K-RE-1800X4 Routing Engine is introduced.

• The SRX5K-RE-1800X4 has an Intel Quad core Xeon processor, 16 GB of DRAM, and a 128-GB solid-state drive (SSD).
  The number 1800 refers to the speed of the processor (1.8 GHz). The maximum required power for this Routing Engine is 90W.

NOTE: The SRX5K-RE-1800X4 provides significantly better performance than the previously used Routing Engine, even with a single core.

Starting in Junos OS Release 19.3R1, SRX5K-RE3-128G Routing Engine is supported along with SRX5K-SPC3 on the SRX5000 series devices.

SRX5K-RE3-128G:

• Provides improved control plane performance and scalability. SRX5K-RE3-128G has Intel’s Haswell-EP based processor with six cores.
• Supports two 200G SSDs to store log files and 128-GB of memory for storing routing and forwarding tables and for other routing engines.
• Interoperates with SCB3, SCB4, SRX5K-RE3-128G, SPC2, SPC3, IOC2, IOC3, and IOC4.
• Does not support SCB2 and SRX5K-RE-1800X4.
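The fields and SCB rules in Table 47 can be checked mechanically against captured command output. The following is an added example, not Juniper code: it slices `show chassis hardware` text by the column offsets in its header line, flags two rules stated above (mixed SCB generations, and an IOC3 alongside a first-generation SCB), and reports FRU serial changes against a baseline. The function names are hypothetical and every serial and part number in the sample is constructed.

```python
import re

COLUMNS = ("Item", "Version", "Part number", "Serial number", "Description")
# CB description strings as they appear in this page's sample output.
SCB_GENERATION = {"SRX5k SCB": 1, "SRX5k SCB3": 3, "SRX5k SCB4": 4}


def parse_inventory(text):
    """Parse `show chassis hardware` text into {node: [record, ...]}.

    Column offsets are read from each header line and rows are sliced by
    position. Output without a "nodeN:" banner is filed under "local".
    """
    nodes, node, starts, stack = {}, "local", None, []
    for line in text.splitlines():
        banner = re.fullmatch(r"(node\d+):\s*", line)
        if banner:
            node, starts = banner.group(1), None
            continue
        if line.startswith("Item") and "Serial number" in line:
            starts = [line.index(name) for name in COLUMNS]
            stack = []
            continue
        if starts is None or not line.strip() or set(line.strip()) == {"-"}:
            continue
        raw_item = line[starts[0]:starts[1]]
        indent = len(raw_item) - len(raw_item.lstrip(" "))
        cells = [line[a:b].strip() for a, b in zip(starts, starts[1:] + [None])]
        item, version, part, serial, description = cells
        # Indentation encodes containment: FPC > PIC > Xcvr.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = "/".join([name for _, name in stack] + [item])
        stack.append((indent, item))
        nodes.setdefault(node, []).append({
            "item": item, "path": path, "version": version,
            "part": part, "serial": serial, "description": description,
        })
    return nodes


def compatibility_findings(records):
    """Flag the SCB rules stated in Table 47 for one node's records."""
    cbs = {r["item"]: SCB_GENERATION[r["description"]]
           for r in records
           if r["item"].startswith("CB ") and r["description"] in SCB_GENERATION}
    generations = set(cbs.values())
    findings = []
    if len(generations) > 1:
        detail = ", ".join(f"{cb}=gen{gen}" for cb, gen in sorted(cbs.items()))
        findings.append(f"mixed SCB generations: {detail}")
    if 1 in generations:
        for r in records:
            if r["item"].startswith("FPC ") and "IOC3" in r["description"]:
                findings.append(
                    f"{r['item']} ({r['description']}) is an IOC3 "
                    "but a first-generation SCB is installed")
    return findings


def fru_changes(baseline, current):
    """Return (path, old_serial, new_serial) for FRUs added, removed or swapped."""
    def serials(records):
        return {r["path"]: r["serial"] for r in records if r["serial"] != "BUILTIN"}
    old, new = serials(baseline), serials(current)
    return [(path, old.get(path), new.get(path))
            for path in sorted(old.keys() | new.keys())
            if old.get(path) != new.get(path)]


def _row(item, version="", part="", serial="", description=""):
    """Format one line in the five-column layout used by the sample."""
    return f"{item:<17}{version:<9}{part:<13}{serial:<18}{description}".rstrip()


# Constructed sample: all part and serial numbers are placeholders.
SAMPLE = "\n".join([
    "node0:",
    "-" * 74,
    "Hardware inventory:",
    _row(*COLUMNS),
    _row("Chassis", serial="EXCHASSIS001", description="SRX5800"),
    _row("Midplane", "REV 01", "000-000001", "EXMID0001", "SRX 5800 Backplane"),
    _row("Routing Engine 0", "REV 01", "000-000002", "EXRE00001", "SRX5k RE-1800X4"),
    _row("CB 0", "REV 01", "000-000003", "EXCB00001", "SRX5k SCB"),
    _row("CB 1", "REV 01", "000-000004", "EXCB00002", "SRX5k SCB3"),
    _row("FPC 2", "REV 01", "000-000005", "EXFPC0002", "SRX5k IOC3 24XGE+6XLG"),
    _row("  CPU", "REV 01", "000-000006", "EXCPU0002", "SRX5k IOC3 PMB"),
    _row("  PIC 0", "", "BUILTIN", "BUILTIN", "12x 10GE SFP+"),
    _row("    Xcvr 0", "REV 01", "000-000007", "EXXCVR001", "SFP+-10G-SR"),
    _row("Fan Tray 0", "REV 04", "000-000008", "EXFAN0001", "Enhanced Fan Tray"),
])

if __name__ == "__main__":
    for node, records in parse_inventory(SAMPLE).items():
        for finding in compatibility_findings(records):
            print(f"{node}: {finding}")
```

Keying the baseline on the full path (for example `FPC 2/PIC 0/Xcvr 0`) matters because item names such as `PIC 0` repeat under every FPC.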


| show chassis hardware 


show chassis hardware (SRX5800) 


user@host> show chassis hardware 


node0:
Hardware inventory:





PIC @ BUILTIN BULLETS 2x 10GH SPP+ 
Xevac0 REV 01 740-021308 ANAO7RE SHE tS WGroR 
ewe IL REV 01 740-031980 AQF ORBJ SHE MUGS SL 
ea AL BUILTIN BUILTIN ix 100GE CFP2 
PIC 2 BUILTIN BUILTI 2x 10GE SFP+ 
Xevr 0 REV O01 740-031980 AA1650304RF SiN 1 OE =X 
Mew 1 REV O1 740-021308 AQ93BDK Si r— LOE SiR 
rave 3 BUILTIN BUILTIN 1x 100GE CFP2 
Pee 8 REV 46 THO-OS 55111 8) CALC4514 SRX5k IOC4 MRAT 
CEU RE Vieezals T3005 71.77 CALC3494 SMPC PMB 
PIC 0) BULLIIN BUILTIN MRATE-6xQSFPP—XGE-XLGE-CGE 
xewe © REV O01 740-059437 000T20128 OSFP28-LPBK 
senpie IL REV 01 740-067443 1ACP13450KH OSFP+—40G-SR4 
RIC BUILTIN BUILTIN MRATE-6xOQSFPP—XGE-XLGE-CGE 
Mew REV O1 740-059437 0000T3443 OSFP28-LPBK 
EcitamlerachyaanO) REV 06 740-035409 ACAE9390 Enhanced Fan Tray 
ea “ieeny REV 06 740-035409 ACAE9386 Enhanced Fan Tray 
node1:
Hardware inventory: 
Item Version Part number Serial number Description 
Chassis JN1267BO1AGA SRX5800 
idplane REV 42 VEO-OCS937/ ACRL3068 Enhanced SRX5800 Backplane 
FPM Board REV 05 1OO=VeL27 2 CAJX9988 Front Panel Display 
PDM Rev 01 740-063049 OCS2209507A Power Distribution Module 
PEM 0 Rev 11 740-027760 OCS1822NO0EY PS 4.1kW; 200-240V AC in 
PEM 1 Rev 03 740-034724 QCS17020203F PS 4.1kW; 200-240V AC in 
Routing Engine 0 REV 01 T20=095 50 CALK8 904 SRX5k RE-2000x6 
Routing Engine 1 REV 01 THO=0 D556) CADZ9076 SRX5k RE-2000x6 
CERO REV 26 Ty0-OSi se CALV3010 SRX5k SCB4 
(ey ib REV 26 THO—O Sal sek CALV3000 SRX5k SCB4 
Wee 2 REV 28 750-073435 CAKZ9620 SEES 
CEU) BUILTIN BUILTI SRX5k vCPP Broadwell 
PIC © BUILTIN SULT G SPU Cp-Flow 
eae AL BUILTIN BULLETIN SPU Flow 
eC 3 REV 18 750-054877 CACH4082 SRS SEC Ii 
Clu) BUILTIN BUILTIN SOC DIC WRC 
PIC @ BUILTIN BUILTI SPU Flow 
aC AL BUILTIN BULLIE SPU Flow 
PIC 2 BUILTIN BUILTI SPU Flow 
rac 3 BUILTIN BUILTIN SPU Flow 


show chassis hardware (SRX5600 and SRX5800 devices for SRX5K-MPC) 


user@host> show chassis hardware 


Hardware inventory: 







show chassis hardware (with 20-Gigabit Ethernet MIC with SFP) 


user@host> show chassis hardware 


Hardware inventory: 


































show chassis hardware 
(SRX5600 and SRX5800 devices with SRX5000 line SRX5K-SCBE [SCB2] and SRX5K-RE-1800X4 [RE2]) 




user@host> show chassis hardware 


node0:










Hardware inventory: 








MIC 0 REV 04 750-049488 CABL4759 10x 10GE SFP+
Pale (0) BUILTIN BUILTIN 10x 10GE SFP+ 
Xcevr 0 REV 01 740-021308 CF36KMOSY SHES MUGS oR 
Xevr 1 REV 01 740-021308 MUCOMEF2 SFP+—10G-SR 
MeWie 2 REV O01 740-021308 CF36KM01S Sie r— 1 OE HSIN 
xewie 3 REV O01 740-021308 MUC229 SiMe 1 OE HBR 
aC 8 REV 07 750-044175 CAAD0764 SRG SEC it 
CEU BUILTIN BUILTIN SRC DIC IRC 
PAKS (0) BUILTIN BULLION SPU Flow 
rac il BUILTIN BUILTIN SPU Flow 
PIC 2 BUILTIN BUILTI SPU Flow 
PIC BUILTIN BUILT SPU Flow 
Fan Tray Enhanced Fan Tray 
node1:
Hardware inventory: 
Item Version Part number Serial number Description 
Chassis JN124FE77AGB SRX5600 
idplane REV 01 ISW=WG SING ACRE2970 Enhanced SRX5600 Midplane 
FPM Board REV O01 710-024631 CABYS 552 Front Panel Display 
PEM 0 Rev 03 740-034701 QCS133809028 PS 1.4-2.6kW; 90-264V AC 
in 
PEM 1 Rev 03 740-034701 OCSLISSOVOZT PS 1.4-2.6kW; 90-264V AC 
in 
Routing Engine 0 REV 02 740-056658 9009218294 SRX5k RE-1800X4 
Routing Engine 1 REV 02 740-056658 9013104758 SRX5k RE-1800X4 
CERO REV O01 T30—O6225 7 CAEB8180 SRX5k SCB3 
Ce i REV O1 T30-—O622.5 7 CADZ3334 SRX5k SCB3 
nC 10 REV 18 750-054877 CACJ9834 SRAGle SILC WIL 
CEU) BUILTIN BULLI SROle DEC RPC 
ruc 0) BUILTIN BUILTIN SEG 
eae AL BUILTIN BUILTIN SPU Flow 
Rate 2 BUILTIN BUILTIN SPU Flow 
PIC 3s BUILTIN BUILTI SPU Flow 
eC AL REV O1 750-062243 CAEBO981 SRX5k IO0C3 24XGE+6XLG 
CEU) REV 02 711-062244 CAEA4 644 RMPC PMB 
eA (0) BUILTIN BUIETIN IZ UGH SEP E 
Mowe © REV 01 740-031980 AP41BLH SFP+—10G-SR 
seenrie IL REV O01 740-031980 AQ400SL SHE SOG aor 
Mewne 2 REV O1 740-031980 AP422Ld Sie r— LOE SiR 
ewe 3 REV O01 740-021308 AMGORBT SIM 1 OE HBR 
Kew 8) REV O01 740-021308 MUC2FRG Sie r— LLOEGR 
eave Al BUILTIN BUILTIN UZ MOG Sire4- 



















show chassis hardware 
(SRX5400, SRX5600, and SRX5800 devices with SRX5000 line SRX5K-SCB3 [SCB3] with enhanced 
midplanes and SRX5K-MPC3-100G10G [IOC3] or SRX5K-MPC3-40G10G [IOC3]) 




user@host> show chassis hardware 


node0:







Hardware inventory: 





GEMO REV O01 P50US062257 CAEC2500 SRUAGle SICIES)
ECG) EV 10 TIO-O56 1S CADC8067 SRXS aC walt 
CEU BUILTIN BUILTIN SRK SDE CPR Se 
Ave 10) BUILTIN BUILTIN SEG 
PIE Al BUILTIN BUILTI SPU Flow 
PwC 2 BUILTIN SULoTe SPU Flow 
PIC 3 BUILTIN BUILTI SPU Flow 
PC 2 REV O01 750-062243 CAEE5 924 SRX5k IOC3 24XGE+6XLG 
CPU REV 01 711-062244 CAEB4890 SRX5k IOC3 PMB 
RAC 10) BUILTIN BUILTIN UZe¢ WOE Sires- 
Pave AL BUILTIN BUILTIN i2o< WOGs Sir2sr 
PIC 2 BUILTIN BUILTIN 3x 40GE OSFP+ 
Xcevr 0 REV O01 740-038623 MOC13156230449 QSFP+—40G-CUI1M 
Xevas2 REV O01 740-038623 MOC13156230449 QSFP+—40G-CU1M 
Rac 3} BUILTIN BUILTIN Siar UCEMOSHPE 
WAN MEZZ REV O01 750-062682 CAEE5817 24x 10GE SFP+ Mezz 
FPC 4 REV 11 750-043157 CAC Yara 5 SRAGie WO II 
CEU REV 04 711-043360 CACZ8879 SRX5k MPC PMB 
MULE dL REV 04 750-049488 CACM6062 10x 10GE SFP+ 
PIC 2 BUILTIN BUILTIN LO LOE Sires- 
ene 7) REV O01 740-021308 AD1439301TU Shp MUG roR 
Xcevr 8 REV 01 740-021308 AD1439301SD SHE +S MUG=SR 
ewe 9) REV O01 740-021308 AD1439301TS SiN LOE = GR 
mee 3 REV 05 750-044175 ZZ1371 SRS SEC TI 
(C12) BUILTIN BUILTIN SRK DEC RPC 
PAK 10) BUILTIN BUILTIN SPU Flow 
eave Al BUILTIN BUILTIN SPU Flow 
RAC 2 BUILTIN BUILTIN SPU Flow 
PIC BUILTIN BUILTIN SPU Flow 
Fan Tray Enhanced Fan Tray 
node1:
Hardware inventory: 
Item Version Part number Serial number Description 
Chassis JN124FECOAGB SRX5600 
idplane REV 01 760-063936 ACRE2 946 Enhanced SRX5600 Midplane 
FPM Board test 710-017254 test Front Panel Display 
PEM 0 Rev 01 740-038514 OES A IMENOoS DC 2.6kW Power Entry 
odule 
PEM 1 Rev O01 740-038514 OCS AOS aloo DC 2.6kW Power Entry 
odule 
Routing Engine 0 REV 01 740-056658 9009186342 SRX5k RE-1800X4 
CB 0 REV 01 TSO0-O6225 7 CAEB8178 SRXSK SEBS 
2c 0 REV 07 750-044175 CAAD0769 SRS SEC TI
Clu) BUILTIN BUILTIN SOC DPC RRC 
Rave 0) BUILTIN BUILTIN SEU Ep 
ean AL BUILTIN BULET IN SPU Flow 
PIC 2 BUILTIN BUILTIN SPU Flow 
Puc 3) BUILTIN BUILTIN SPU Flow 
FPC 4 REV 750-043157 CAC Yara 2 SRAGie WOE I 
EU) REV 04 711-043360 CACZ8831 SRX5k MPC PMB 
Mier: REV 04 750-049488 CACN0239 10x 10GE SFP+ 
PIC 2 BUILTIN BUILTIN LOxe LOE Sires- 
ewe 7 REV 01 740-031980 ARN23HW SFP+-10G-SR 
sonic REV O01 740-031980 ARN2FVW SFP+-10G-SR 
xewie 9 REV O01 740-031980 ARN2YVM SFP+-10G-SR 
Hee & REV 10 TIO-056 158 CADA8736 SRXS ae SEC walt 
CEU BUILTIN BUILTIN SIRO DIC IRC 
RAS (0) BUILTIN BUILTIN SPU Flow 
PIC Al BUILTIN BUILTI SPU Flow 
Pac 2 BUILTIN BULLE SPU Flow 
PIC BUILTIN BUILT SPU Flow 
Imesh ssi Enhanced Fan Tray 
| show chassis hardware (SRX4200) 
user@host> show chassis hardware 
Hardware inventory: 
Item Version Part number Serial number Description 
Chassis DK2816AR0020 SRX4200 
Mainboard REV 01 6a 050 7 Gris EC UGH NOS AS51877 SRX4200 
Routing Engine 0 BUILTIN BUILTIN SRX Routing Engine 
mec BUILTIN BUILTIN FEB 
PIC @ BUILTIN BUILTIN 8x10G—-SFP 
Meme 0 REV O01 740-038153 MOC11511530020 SFP+—-10G-—CU3M 
ewe 1 REV 01 740-038153 MOC11511530020 SFP+-10G-CU3M 
ewe 2 REV 01 740-038153 MOC11511530020 SFP+-10G-CU3M 
ewe 3 REV O01 740-038153 MOC ImES MESS O10) SFP+-10G-CU3M 
Xevr 4 REV 01 740-021308 04DZ06A00364 SFP+-10G-SR 
ewe | REV O1 740-031980 233363A03066 SFP+-10G-SR 
Xevr 6 REV O01 740-021308 AL7OSWE SFP+-10G-SR 
Xevr 7 REV 01 740-031980 ALNON6C SFP+-10G-SR 



















| show chassis hardware (vSRX 3.0) 




Starting in Junos OS Release 20.1R1, when vSRX 3.0 performs resource management, the vCPUs and
RAM available to the instance are assigned based on what has been allocated prior to launching the instance.
A maximum of 32 cores will be assigned to SRXPFE for flow processing. Any allocation of cores in excess
of 32 will automatically be assigned to the Routing Engine. For example, if 36 cores are allocated to the
VM during the creation process, 32 cores are assigned for flow processing and 4 cores will be assigned to
the RE. For memory allocations, up to 64G of vRAM would be used by the SRXPFE. Any allocated memory
in excess of 64G would be assigned to system memory and would not be used for maintaining flow session
information.
Table 48: Recommended vCPU and vRAM Combinations


vCPU Number 


17 


vRAM Size (G) 


16 


32 
NOTE: On a deployed vSRX, only memory scale up is supported. Scaling down memory on a
deployed vSRX is not supported. If you need to scale down memory, then a fresh install is
required.


user@host> show chassis hardware 


Hardware inventory: 




| show chassis hardware clei-models 


show chassis hardware clei-models 
(SRX5600 and SRX5800 devices with SRX5000 line SRX5K-SCBE [SCB2] and SRX5K-RE-1800X4 [RE2]) 




user@host> show chassis hardware clei-models node 1 


node1:












Hardware inventory: 





| show ethernet-switching mac-learning-log


Syntax 


show ethernet-switching mac-learning-log 


Release Information 

Command introduced in Junos OS Release 9.0 for EX Series switches. 
Command introduced in Junos OS Release 9.5 for SRX Series devices. 
Command introduced in Junos OS Release 11.1 for the QFX Series. 


Description 


Displays the event log of learned MAC addresses. 


Required Privilege Level 
view 


RELATED DOCUMENTATION


show ethernet-switching table

show ethernet-switching interfaces

Example: Setting Up Basic Bridging and a VLAN for an EX Series Switch
Example: Setting Up Bridging with Multiple VLANs for EX Series Switches
Example: Connecting an EX Series Access Switch to a Distribution Switch


List of Sample Output

show ethernet-switching mac-learning-log (EX Series switch)

show ethernet-switching mac-learning-log (QFX Series Switches, QFabric, NFX Series Devices and EX4600)

show ethernet-switching mac-learning-log (SRX Series devices)


Output Fields 
Output fields for EX Series switches: 


The following table lists the output fields for the show ethernet-switching mac-learning-log command. 
Output fields are listed in the approximate order in which they appear. 
Table 49: show ethernet-switching mac-learning-log Output Fields


Field Name: Field Description

Date and Time: Timestamp when the MAC address was added or deleted from the log.

vlan_name: VLAN name. A value defined by the user for all user-configured VLANs.

MAC: Learned MAC address.

Deleted | Added: MAC address deleted or added to the MAC learning log.

Blocking: The forwarding state of the interface:
• blocked—Traffic is not being forwarded on the interface.
• unblocked—Traffic is forwarded on the interface.

Flags: Displays the MAC address flags in which the MAC event occurred. This option is for debugging purposes.


Output fields for QFX Series switches, QFabric, NFX Series devices and EX4600: 


Table 50 lists the output fields for the show ethernet-switching mac-learning-log command. Output fields are listed in the approximate order in which they appear.


Table 50: show ethernet-switching mac-learning-log Output Fields


Field Name: Field Description

Date and Time: Timestamp in UTC when the MAC operation occurred.

vlan_name: VLAN name. A value defined by the user for all user-configured VLANs. The name of the VLAN on which the MAC is learned.

MAC: Learned MAC address.

Event op: MAC addresses that are added, learned, deleted, changed, or moved from one interface to another interface.

Interface Name: The name of the interface on which the MAC address is learned. When a MAC address is moved, there is another field with the name of the interface. The log displays the name of the interface from where the MAC address moved, and the name of the interface to where the MAC address moved.

Flags: Displays the MAC address flags in which the MAC event occurred. This option is for debugging purposes.
Output fields for SRX Series devices:


Table 51 lists the output fields for the show ethernet-switching mac-learning-log command on SRX Series devices. Output fields are listed in the approximate order in which they appear.


Table 51: show ethernet-switching mac-learning-log Output Fields


Field Name: Field Description

Date and Time: Timestamp when the MAC address was added or deleted from the log.

VLAN-IDX: VLAN index. An internal value assigned by Junos OS for each VLAN.

MAC: Learned MAC address.

Deleted | Added: MAC address deleted or added to the MAC learning log.

Blocking: The forwarding state of the interface:
• blocked—Traffic is not being forwarded on the interface.
• unblocked—Traffic is forwarded on the interface.


| Sample Output 


show ethernet-switching mac-learning-log (EX Series switch) 


user@switch> show ethernet-switching mac-learning-log 


oO 


oO 


oO 


Vv 








oO 


Vv 


n Feb 25 


lan_name 


n Feb 25 


lan_name 
n Feb 25 
lan_name 


n Feb 25 





lan_name 


OETA IO SmeA010S 

vl mac 00:00:00:00:00:00 was deleted 

OR OMEO mez 0.0.3 

v9 mac 00:00:00:00:00:00 was deleted 
OOM sO mez 0.08 

HR_vlan mac 00:00:00:00:00:00 was deleted 
OSsOT EOS BOOS 

Ome lctCmnO ONTO Ok nOOrnOlOl OOO OM wictsmcleociecc 
08:07:05 2008 

vl2 mac 00:00:00:00:00:00 was deleted 
OOM Oo meZ 0,08 

WIS MAS OOSOOSWOSOOSOOsSOO was cloileicscl 
OSTEO Se Z0108 

sales_vlan mac 00:00:00:00:00:00 was deleted 
OR OMEO Saez 0.0.8 

employeel mac 00:00:00:00:00:00 was deleted 


We 


We 


Vv 


Vv 


Vv 


Vv 


Vv 


We 








Vv 


on Feb 25 
lan_name 
on Feb 25 
lan_name 
on Feb 25 
lan_name 
on Feb 25 
lan_name 
on Feb 25 
lan_name 
on Feb 25 
lan_name 
on Feb 25 
lan_name 
on Feb 25 
lan_name 


on Feb 25 





lan_name 


USO 70S eZ 008 


employee2 mac 00:00:00:00:00:00 was deleted 


OssO7 EOS 2OOS 


v3 mac 00:00:00:00:00:00 was added 


08:07:05 2008 


HR_vlan mac 00:00:00:00:00:00 was added 


08:07:05 2008 


employee2 mac 00:00:00:00:00:00 was added 


OssO7sOS 2OOE 


employeel mac 00:00:00:00:00:00 was added 


WSsO7 EOS ZOoKs 


employee2 mac 00:00:05:00:00:05 was learned 


OS O TOD eZ 0108 





employeel mac 00:30:48:90:54:89 was learned 


OssO7eOS 20S 


HR_vlan mac 00:00:5e:00:01:00 was learned 


08:07:05 2008 


sales_vlan mac 00:00:5e:00:01:08 was learned 


[output truncated] 


show ethernet-switching mac-learning-log (QFX Series Switches, QFabric, NFX Series Devices and 
EX4600) 


user@switch> show ethernet-switching mac-learning-log 








on Jun 30 
1/0/2250) with £1 
on Jun 30 
L/O/22.,0 watitla el 
on Jun 30 
18/2 2on Ole weiss leet 
on Jun 30 
L/O/22.0 waeln iI 
on Jun 30 
L/O0/22.0 wwatiela il 
on Jun 30 
1/0/22.0 to ge-1/0/21 
on Jun 30 13:54:24 2014 vl 
10/0)/ ZA Omwatt het lacs Ox2ik 








13:49:49 2014 
ags: 
Isgsds2o 2OL4 
ags: 
Sig Syl & 
ags: 
13:51:46 2014 
ags: 


Iss 52803 2014 





ags: 


IseSz2eili 2014 





a static address 


vilan_name 


Ox2001f 


vilan_name 


0x1080 


0x2013f 


vlan_name vll1+1 


Ox1 


120 


vlan_name vl1l1+1 


Ox2001f 


vlan_name vll1+l 


50) Waitin itilagss 





LSE 


<< 


28 2014 vlan_name 


Wilisrilil mic Os 


10:94:00:00:02 was learned on 


<< MAC address that as dynamically learned 


WilalaPilil imeve: (ON) ¢ 


10:94:00:00:02 was deleted from 


MAC address that was deleted 


wAlilsrilil imeEc Os 


K< Stace 


<< delete of Sta 


an_name vll1+l1 


imac OOR 


00:00:01:01:01 was added to 
AC address that was added 


1 mac 00:00:00:01:01:01 was deleted from 





tic MAC address that was deleted 
10:94:00:00:02 was learned on 


<< MAC address that was dynamically learned 


1 mac 00: 
Ose2 iL OiLse 
il ine: OO): 








10:94:00:00:02 was moved from 
<< MAC address that was moved 


10:94:00:00:02 was changed on 


<< MAC address that changed from a dynamic address 


show ethernet-switching mac-learning-log (SRX Series devices) 


user@host> show ethernet-switching mac-learning-log 
W


@@8¢ Sd e484 S8¢ S84 S8¢ Rd eae eaeg eat et etc aedaeagee ade 4 Bd Se 


ed Mar 1 


lan_idx 


lan_idx 


lan_idx 


lan_idx 


lan_idx 


lan_idx 


lan_idx 


lan_idx 


lan_idx 


lan_idx 


lan_idx 


lan_idx 


lan_idx 








0) 
(Bh, 


Que 





lan_idx 


8 
7 
18 
9 


LOM SCOR I Oo ON OOm n= 





18 


18 


18 


18 


18 


18 


18 


18 


18 


18 


18 


18 


18 


18 


18 


18 

















Oe OME 0 See2 0.09 
mac OOSOOsSSEsOUsSS3O0 twas clheailleescl 
OS3O7TEOS 2O0OY 
mae OOSOMOSSRSOOSSS 300) wes cleikeecel 
OOM OD meZ 009 

LORmac OOP V0 Sr aOR SS 00m wasmdelicecd 
ORE OMe sO ome OOS 

11 mac 00:00:5EF:00:53:00 was deleted 
OSEOTE TO ome 009 

LA mee OO SOWOSSESOOsSdSssOO was cleilececl 
Oe OmEO EEA 009 

13 mac 00:00:5EF:00:53:00 was deleted 
Oe OMEO mez 009 

(Me MacmO OOO ori OUL Sr OOmwasmoa ke toc 
OS8O7TEOH 2009 

(SmMaCmO OOOH OUR SO Omwalcmc Ct oc! 
08:07:05 2009 

lommacwOO 00k Sr AOR SS 00 Rwasmdeliceed 
OB OM 0 SIZ 0109 
Maco OR OO MSE OO SS O0mwasmacddec 
OSE OME ome OOS 
Maco OOO RSE AO0R SS - O0Mwasmacddec 
OE OMOEA 009 
mac 00:00:5E:00:53:00 was added 
OE OMEO Saez 009 
MclCaO Oks OOh oP OO oS OlOmwicicmciclalec! 
OSsO7T 805 20O® 

LOMmacmO OOO Shi OO oS OOmwasmeacddc cl 
ORONO SIeZ 009 

(smac MOO MOOR EAU oS U0 Mwasmeadcded 
OOM 10 aae2 0,09 

12> mae 0.0% 00: SE) 0053500 was added 
OSEOME ome OOo 

13 mac 00:00:5E:00:53:00 was added 
Oe OME sO mez 009 

14 mac 00:00:5E:00:53:00 was added 
Oe OMEO a ieZ 009 

Sema OO OOS ki OO Se OO mwasmadde di 
OSsO7T8OH 2009 

16 mac 00:00:5E:00:53:00 was added 
OE OMe Ome 009 

DeMacm OO OOo Ry OOS U0Mwesmacddec! 
OOM 0 DeeZ 009 


18 


18 mac 00:00:5EF:00:53:AA was learned 
Wed Mar 1


lan_idx 


lan_idx 


ed Mar 


lan_idx 


lan_idx 


lan_idx 








oO 
Q. 


ar 


S28 538 882888 3 
Q 





iemmntelss 


ed Mar 1 


ene il 


8 
5 
8 
6 
le O83s07805 2009 
‘lL 
8 
7 
ed Mar 18 
8 





Oe OMEO See2 0.09 
mac 00:00:5EH:00:53:AB was learned 
OS8O7TEOS 2oO® 
MACmO ORO Oneal OOns too e15 Cmmwiclo mm ee crete Cl 





Cemac OOOO Sr OUR SS ADE wasmelkcaraned, 
OREM EO ome OOS 
mac 00:00:5EF:00:53:AE was learned 
WS207 805 2009 
mac 00:00:5EF:00:53:AF was learned 











DESMO SiO) 7es0 oe 010)9) 





12 mac 00:00:5EF:00:53:AG was learned 


[output truncated] 
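A defender-side use of this log, as an added example that is not part of the Juniper documentation: the script parses the EX Series (vlan_name) and SRX Series (vlan_idx) record layout shown in the sample output and reports bursts of newly learned MAC addresses per VLAN and addresses learned in more than one VLAN. The function names, the 10-second window, the threshold, and the log lines are constructed for illustration; it assumes each record is a timestamp followed by the event text on the same or the next line.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

MacEvent = namedtuple("MacEvent", "ts vlan mac event")

# All-zero MAC, as in the sample's "was added" / "was deleted" entries.
# Ignored by the checks below because it is not a host address.
NULL_MAC = "00:00:00:00:00:00"

# Timestamp as printed in the sample output, e.g. "Mon Feb 25 08:07:05 2008".
TS_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})"
    r"\s*(?P<rest>.*)$"
)
# Event text: "vlan_name <name> mac <mac> was <event>" (EX Series) or
# "vlan_idx <index> mac <mac> was <event>" (SRX Series).
EV_RE = re.compile(
    r"vlan_(?:name|idx)\s+(?P<vlan>\S+)\s+mac\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+was\s+(?P<event>\w+)"
)


def parse_mac_learning_log(text):
    """Return MacEvent records; lines that match neither pattern are skipped."""
    events, ts = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = TS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
            line = m.group("rest")
        ev = EV_RE.search(line)
        if ev and ts is not None:
            events.append(MacEvent(ts, ev.group("vlan"),
                                   ev.group("mac").lower(), ev.group("event")))
    return events


def peak_distinct_learns(events, window=timedelta(seconds=10)):
    """Per VLAN, the largest number of distinct MACs learned within `window`."""
    per_vlan = defaultdict(list)
    for e in events:
        if e.event == "learned" and e.mac != NULL_MAC:
            per_vlan[e.vlan].append((e.ts, e.mac))
    peaks = {}
    for vlan, items in per_vlan.items():
        items.sort()
        left, counts, peak = 0, defaultdict(int), 0
        for ts, mac in items:
            counts[mac] += 1
            # Slide the left edge until the window spans at most `window`.
            while ts - items[left][0] > window:
                old = items[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            peak = max(peak, len(counts))
        peaks[vlan] = peak
    return peaks


def flag_bursts(events, threshold, window=timedelta(seconds=10)):
    """VLANs where at least `threshold` distinct MACs were learned in a window."""
    peaks = peak_distinct_learns(events, window)
    return sorted(vlan for vlan, n in peaks.items() if n >= threshold)


def macs_in_multiple_vlans(events):
    """MACs learned in more than one VLAN; a review cue, not proof of a fault."""
    seen = defaultdict(set)
    for e in events:
        if e.event == "learned" and e.mac != NULL_MAC:
            seen[e.mac].add(e.vlan)
    return {mac: sorted(vlans) for mac, vlans in seen.items() if len(vlans) > 1}


# Constructed sample in the layout of the EX and SRX sample output.
SAMPLE_LOG = """\
Mon Feb 25 08:07:05 2008
  vlan_name employee1 mac 00:00:00:00:00:00 was added
Mon Feb 25 08:07:05 2008
  vlan_name employee1 mac 00:00:5e:00:53:01 was learned
Mon Feb 25 08:07:06 2008
  vlan_name employee1 mac 00:00:5e:00:53:02 was learned
Mon Feb 25 08:07:06 2008
  vlan_name employee1 mac 00:00:5e:00:53:03 was learned
Mon Feb 25 08:07:07 2008
  vlan_name employee1 mac 00:00:5e:00:53:04 was learned
Mon Feb 25 08:09:30 2008
  vlan_name employee1 mac 00:00:5e:00:53:05 was learned
Mon Feb 25 08:07:07 2008 vlan_name HR_vlan mac 00:00:5E:00:53:01 was learned
Wed Mar 18 08:07:05 2009
  vlan_idx 18 mac 00:00:5E:00:53:AA was learned
"""

if __name__ == "__main__":
    evs = parse_mac_learning_log(SAMPLE_LOG)
    print("burst VLANs:", flag_bursts(evs, threshold=4))
    print("multi-VLAN MACs:", macs_in_multiple_vlans(evs))
```

Tune the window and threshold to the normal learning rate of the VLAN being monitored; a burst can come from a loop or a misbehaving host as well as from MAC table flooding.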
| show ethernet-switching table


List of Syntax

Syntax (QFX Series, QFabric, NFX Series and EX4600)
Syntax (EX Series)
Syntax (EX Series, MX Series and QFX Series)
Syntax (SRX Series)


Syntax (QFX Series, QFabric, NFX Series and EX4600)


show ethernet-switching table
<brief | detail | extensive | summary>
<interface interface-name>
<management-vlan>
<sort-by (name | tag)>
<vlan vlan-name>


Syntax (EX Series)


show ethernet-switching table
<brief | detail | extensive | summary>
<interface interface-name>
<management-vlan>
<persistent-mac <interface interface-name>>
<sort-by (name | tag)>
<vlan vlan-name>


Syntax (EX Series, MX Series and QFX Series)


show ethernet-switching table
<brief | count | detail | extensive | summary>
<address>
<instance instance-name>
<interface interface-name>
isid isid
<logical-system logical-system-name>
<persistent-learning (interface interface-name | mac mac-address)>
<address>
<vlan-id (all-vlan | vlan-id)>
<vlan-name (all | vlan-name)>


Syntax (SRX Series)


show ethernet-switching table (brief | detail | extensive) interface interface-name


Release Information 

Command introduced in Junos OS Release 9.0 for EX Series switches. 

Command introduced in Junos OS Release 9.5 for SRX Series. 

Options summary, management-vlan, and vlan vlan-name introduced in Junos OS Release 9.6 for EX Series switches.

Option sort-by and field name tag introduced in Junos OS Release 10.1 for EX Series switches. 
Command introduced in Junos OS Release 11.1 for the QFX Series. 

Output for private VLANs introduced in Junos OS Release 12.1 for the QFX Series. 

Option persistent-mac introduced in Junos OS Release 11.4 for EX Series switches. 

Command introduced in Junos OS Release 12.3R2. 

Command introduced in Junos OS Release 12.3R2 for EX Series switches. 

Options logical-system, persistent-learning, and summary introduced in Junos OS Release 13.2X50-D10 
(ELS). 

Output for shared VXLAN load balancing next hop (SVLBNH) and VXLAN encapsulated next hop (VENH) 
introduced in Junos OS Release 20.3R1 for QFX5XXX switches. 


Description 


Displays the Ethernet switching table. 


(MX Series routers, EX Series switches only) Displays Layer 2 MAC address information.


Options
For QFX Series, QFabric, NFX Series and EX4600:


none—(Optional) Display brief information about the Ethernet switching table.

brief | detail | extensive | summary—(Optional) Display the specified level of output.

interface interface-name—(Optional) Display the Ethernet switching table for a specific interface.

management-vlan—(Optional) Display the Ethernet switching table for a management VLAN.

persistent-mac <interface interface-name>—(Optional) Display the persistent MAC addresses learned for all interfaces or a specified interface. You can use this command to view entries that you want to clear for an interface that you intentionally disabled.

sort-by (name | tag)—(Optional) Display VLANs in ascending order of VLAN IDs or VLAN names.

vlan vlan-name—(Optional) Display the Ethernet switching table for a specific VLAN.


For EX Series, MX Series and QFX Series:


none—Display all learned Layer 2 MAC address information.

brief | count | detail | extensive | summary—(Optional) Display the specified level of output.

address—(Optional) Display the specified learned Layer 2 MAC address information.

instance instance-name—(Optional) Display learned Layer 2 MAC addresses for the specified routing instance.

interface interface-name—(Optional) Display learned Layer 2 MAC addresses for the specified interface.

isid isid—(Optional) Display learned Layer 2 MAC addresses for the specified ISID.

logical-system logical-system-name—(Optional) Display Ethernet-switching statistics information for the specified logical system.

persistent-learning (interface interface-name | mac mac-address)—(Optional) Display dynamically learned MAC addresses that are retained despite device restarts and interface failures for a specified interface, or information about a specified MAC address.

vlan-id (all-vlan | vlan-id)—(Optional) Display learned Layer 2 MAC addresses for all VLANs or for the specified VLAN.

vlan-name (all | vlan-name)—(Optional) Display learned Layer 2 MAC addresses for all VLANs or for the specified VLAN.


For SRX Series:


• none—(Optional) Display brief information about the Ethernet switching table.
• brief | detail | extensive—(Optional) Display the specified level of output.
• interface-name—(Optional) Display the Ethernet switching table for a specific interface.


Additional Information 


When Layer 2 protocol tunneling is enabled, the tunneling MAC address 01:00:0c:cd:cd:d0 is installed in the MAC table. When the Cisco Discovery Protocol (CDP), Spanning Tree Protocol (STP), or VLAN Trunk Protocol (VTP) is configured for Layer 2 protocol tunneling on an interface, the corresponding protocol MAC address is installed in the MAC table.


Required Privilege Level 
view 


RELATED DOCUMENTATION


Example: Setting Up Basic Bridging and a VLAN on Switches
Example: Setting Up Bridging with Multiple VLANs
Example: Setting Up Basic Bridging and a VLAN for an EX Series Switch
Example: Setting Up Bridging with Multiple VLANs for EX Series Switches
Example: Setting Up Q-in-Q Tunneling on EX Series Switches
Dynamic Load Balancing in an EVPN-VXLAN Network

clear ethernet-switching table

show ethernet-switching mac-learning-log


List of Sample Output

show ethernet-switching table (Enhanced Layer 2 Software on QFX Series, QFabric, NFX Series and EX4600)
show ethernet-switching table (QFX5XXX switches, SVLBNH/VENH field)
show ethernet-switching table (QFX Series, QFabric, NFX Series and EX4600)
show ethernet-switching table (Private VLANs on QFX Series, QFabric, NFX Series and EX4600)
show ethernet-switching table brief (QFX Series, QFabric, NFX Series and EX4600)
show ethernet-switching table detail (QFX Series, QFabric, NFX Series and EX4600)
show ethernet-switching table extensive (QFX Series, QFabric, NFX Series and EX4600)
show ethernet-switching table interface (QFX Series, QFabric, NFX Series and EX4600)
show ethernet-switching table (EX Series switches)
show ethernet-switching table brief (EX Series switches)
show ethernet-switching table detail (EX Series switches)
show ethernet-switching table extensive (EX Series switches)
show ethernet-switching table persistent-mac (EX Series switches)
show ethernet-switching table persistent-mac interface ge-0/0/16.0 (EX Series switches)
show ethernet-switching table (EX Series, MX Series and QFX Series)
show ethernet-switching table brief
show ethernet-switching table count
show ethernet-switching table extensive
show ethernet-switching table detail (SRX Series)
show ethernet-switching table extensive (SRX Series)
show ethernet-switching table interface ge-0/0/1 (SRX Series)


Output Fields 
For QFX Series, QFabric, NFX Series and EX4600: 


The following table lists the output fields for the show ethernet-switching table command on QFX Series, QFabric, NFX Series and EX4600. Output fields are listed in the approximate order in which they appear.


Table 52: show ethernet-switching table Output Fields


Field Name: Field Description (Level of Output)

VLAN: Name of a VLAN. (All levels)

MAC address: MAC address associated with the VLAN. (All levels)

Type: Type of MAC address: (All levels)
• static—The MAC address is manually created.
• learn—The MAC address is learned dynamically from a packet's source MAC address.
• flood—The MAC address is unknown and flooded to all members.

Age: Time remaining before the entry ages out and is removed from the Ethernet switching table. (All levels)

Interfaces: Interface associated with learned MAC addresses or with the All-members option (flood entry). (All levels)

Learned: For learned entries, the time at which the entry was added to the Ethernet switching table. (detail, extensive)


For EX Series switches:

The following table lists the output fields for the show ethernet-switching table command on EX Series 
switches. Output fields are listed in the approximate order in which they appear. 


Table 53: show ethernet-switching table Output Fields


Field Name: Field Description (Level of Output)

VLAN: The name of a VLAN. (All levels)

Tag: The VLAN ID tag name or number. (extensive)

MAC or MAC address: The MAC address associated with the VLAN. (All levels)

Type: The type of MAC address. Values are: (All levels except persistent-mac)
• static—The MAC address is manually created.
• learn—The MAC address is learned dynamically from a packet's source MAC address.
• flood—The MAC address is unknown and flooded to all members.
• persistent—The learned MAC addresses that will persist across restarts of the switch or interface-down events.

Type: The type of MAC address. Values are: (persistent-mac)
• installed—addresses that are in the Ethernet switching table.
• uninstalled—addresses that could not be installed in the table or were uninstalled in an interface-down event and will be reinstalled in the table when the interface comes back up.

Age: The time remaining before the entry ages out and is removed from the Ethernet switching table. (All levels)

Interfaces: Interface associated with learned MAC addresses or All-members (flood entry). (All levels)

Learned: For learned entries, the time at which the entry was added to the Ethernet switching table. (detail, extensive)

Nexthop index: The next-hop index number. (detail, extensive)

persistent-mac: installed indicates MAC addresses that are in the Ethernet switching table and uninstalled indicates MAC addresses that could not be installed in the table or were uninstalled in an interface-down event (and will be reinstalled in the table when the interface comes back up).


For EX Series, MX Series and QFX Series: 


The table describes the output fields for the show ethernet-switching table command on EX Series, MX 
Series and QFX Series. Output fields are listed in the approximate order in which they appear. 


Table 54: show ethernet-switching table Output fields


Field Name: Field Description

Routing instance: Name of the routing instance.

VLAN name: Name of the VLAN.

MAC address: MAC address or addresses learned on a logical interface.

MAC flags: Status of MAC address learning properties for each interface:
• S—Static MAC address is configured.
• D—Dynamic MAC address is configured.
• L—Locally learned MAC address is configured.
• SE—MAC accounting is enabled.
• NM—Non-configured MAC.
• R—Locally learned MAC address is configured.

Age: This field is not supported.

Logical interface: Name of the logical interface.

SVLBNH/VENH Index: NOTE: This field appears on QFX5XXX switches that support dynamic load balancing in an EVPN-VXLAN network.
Next hop index number associated with the MAC address of a multihomed remote device in an EVPN-VXLAN network. This index number appears when the Logical Interface column displays esi.nnnn. The index number can be an SVLBNH, a VENH, or a remote virtual tunnel endpoint (VTEP). To get more information about SVLBNHs, VENHs, and remote VTEPs, see show ethernet-switching vxlan-tunnel-end-point svlbnh.

Active source: IP address or Ethernet segment identifier (ESI) of remote entity on which MAC address is learned.

MAC count: Number of MAC addresses learned on the specific routing instance or interface.

Learning interface: Name of the logical interface on which the MAC address was learned.

Learning VLAN: VLAN ID of the routing instance or VLAN in which the MAC address was learned.

Layer 2 flags: Debugging flags signifying that the MAC address is present in various lists.

Epoch: Spanning-tree-protocol epoch number identifying when the MAC address was learned. Used for debugging.

Sequence number: Sequence number assigned to this MAC address. Used for debugging.

Learning mask: Mask of the Packet Forwarding Engines where this MAC address was learned. Used for debugging.

IPC generation: Creation time of the logical interface when this MAC address was learned. Used for debugging.

For SRX Series: 


Table 55 lists the output fields for the show ethernet-switching table command. Output fields are listed in the approximate order in which they appear.


Table 55: show ethernet-switching table Output Fields


Field Name: Field Description

VLAN: The name of a VLAN.

MAC address: The MAC address associated with the VLAN.

Type: The type of MAC address. Values are:
• static—The MAC address is manually created.
• learn—The MAC address is learned dynamically from a packet's source MAC address.
• flood—The MAC address is unknown and flooded to all members.

Age: The time remaining before the entry ages out and is removed from the Ethernet switching table.

Interfaces: Interface associated with learned MAC addresses or All-members (flood entry).

Learned: For learned entries, the time at which the entry was added to the Ethernet switching table.


| Sample Output 


show ethernet-switching table (Enhanced Layer 2 Software on QFX Series, QFabric, NFX Series and EX4600)


user@switch> show ethernet-switching table 


MAC flags (S - static MAC, D - dynamic MAC, 


static 





—- ovsdb MAC) 





Routing instance 
Vian 
name 


vlanl 


vilanl 


MAC flags (S - static MAC, 


Sipcise 





—- ovsdb MAC) 





Routing instance 
Vian 
name 


vilanlo 


vilanlo 


MAC Hella Sam (Gules cienkemMAGr 


Siecle 





— ovsdb MAC) 





Vian 
name 


vlan2 


vlan2 
L - locally learned, P


SE - statistics enabled, NM —- non configured MAC, 





Ethernet switching tabl 


SE - statistics enabled, NM 


Ethernet switching table 


SE - statistics enabled, NM 


2 entries, 2 learned 


default-—switch 


MAC 
address 
lp 2 COS Sas cas Sa 3 Oil 


lox 2eCG89ascas 3es0S 


D - dynamic MAC, 


MAC Age 
flags 


Persistent 


R - remote PE MAC, O 





Logical 
interface 


ael.0 


ael.0 





L - locally learned, P 


— non configured MAC, 


2 entries, 2 learned 


default-switch 


MAC 
address 
bOMccraica:se7 On 


bOMcCrSarica: se 0s 


D - dynamic MAC, 


MAC Age 
flags 


Persistent 


R -—- remote PE MAC, O 





Logical 
interface 


ael.0 


ael.0 





L - locally learned, P 


— non configured MAC, 


2 entries, 2 learned 





Ethernet switching tabl 


Routing instance 


default-—switch 


MAC 
address 
lo Ses Jagcers Seg OL 


loses Jageas Ses 03 


MAC Nels) 
flags 
D — 


D = 


Persistent 


R - remote PE MAC, O 





Logical 
interface 


ael.0 


ael.0 





MAC flags (S - static MAC, D —- dynamic MAC, L - locally learned, P 
Siecleele 
SE - statistics enabled, NM — non configured MAC, 
—- ovsdb MAC) 
Ethernet switching tabl : 2 entries, 2 learned 





Routing instance 








Vian MAC MAC Age 
name address flags 
vian3 lo Ses Vageas Ses Oi D = 
vian3 bOMccraica: se 0s D = 
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P 
Sialic 
SE - statistics enabled, NM —- non configured MAC, 
— ovsdb MAC) 
Ethernet switching table : 2 entries, 2 learned 
Routing instance default-switch 
Vian MAC MAC Age 
name address flags 
vian4 bOMccSaica:se 70m D = 
vilan4 lo ees Yageas seeOs D = 
default-—switch


Persistent 


R -—- remote PE MAC, O 





Logical 
interface 


ael.0 


ael.0 








show ethernet-switching table (QFX5XXX switches, SVLBNH/VENH field) 


user@switch> show ethernet-switching table 


MAC flags 


static 





—- ovsdb MAC) 





Routing instance 
Vian 
Active 


name 


(S = static MAC, 


Ethernet switching table 


16 entries, 


default-—switch 


MAC 


address 


D - dynamic MAC, 


Persistent 


R - remote PE MAC, O 





Logical 
interface 


ael.0 


ael.0 





SE - statistics enabled, NM —- non configured MAC, 


16 learned 
MAC Logical 
flags interface 


L - locally learned, P 


Persistent 


R -—- remote PE MAC, O 





SVLBNH/ 
Index source

vlanBLACK OW SOO s Ses 00) 3 5.558 Oa DR esi.1773 1782 
OSLO OT OO Ore aoe OOF OO OOr too 1010 

vlanBLACK CUROOR Se 00 S702 DR esi.1773 LIZ 
OSEO OOOO Ai at OOF OOOO 6 S:1010 

vlanBLACK WOO SOWSSEes OWS 53380 D vtep.32772 
10.00.51 

vlanBLACK 00:00:5e:00:53:dd D vtep.32769 
10,0 i154 

vlanBLUE OUR OURS OOS Onl DR Sia . 774 SA 
WS F200 LOO 3023 Sa sOOsWOsWOs oe sow 

vlanBLUE OURDUE SEE 00S 02 DR esi.1772 LS2 
OSE OOOO ZA ar OUT AO OO OIGi6) 21010 

vlanBLUE OOOO SEO 2537180 D vtep.32772 
10,0,0.i 

vlanBLUE OOOO Se 00 sos dd D vtep.32769 
100,151 

vlanGREEN 00:00:5e:00:53:01 DR esi.1774 LVSZ 
OSE OOOO Ai9 ct OOOO OO Gr 1010 

vlanGREEN OO SOOs ses O03 53302 DR esi.1774 ISA 
OS2OOsOOsUZs GasOOsOOsOOs ors Oe 

vlanGREEN OOMOOsSe/O02 537780 D vtep.32772 
10.05,0.2 

vlanGREEN 00:00:5e:00:53:dd D vtep.32769 
10.0 ,1.2 

vlanRED 00:00:5e:00:53:01 DR esi.1771 DS 2 
O52 008002025 VasOOsOOsOOs O52 00 

vlanRED OOOO Ses00k 537102 DR eseaede val DiS 
OS OOF IO 0 259 ct OOF OOO OG oi1010 

vlanRED OOOO: Se: 00353780 D vitep.327 7/2 
100,051 


show ethernet-switching table (QFX Series, QFabric, NFX Series and EX4600)


user@switch> show ethernet-switching table 





Ethernet-switching table: 57 entries, 17 learned 


VLAN MAC address Type Age Interfaces 
E2 a Flood - All-members 
F2 00:00:05:00:00:03 Learn 0 xe-0/0/44.0 
F2 Oe LIee2ea03 Ielee) iSieeheie SeRO User 
Linux OF Flood - All-members 
Linux OUT :e2). 503 7dse0) State = IRE SIE 





Linux 00:30:48:90:54:89 Learn 0 xe-0/0/47.0 


| 
oe Ss & 


wii 
arabia 
await 





T4 
T4 
T4 





[output truncated] 


00: 
00: 
00: 
00: 


00: 


CORE 
CORE 


CO 
(ON(0) gL 
OO 


00: 
00: 
00: 


00: 
00: 
00: 


00: 
Or 


00: 
00: 
SOEs 
ILg)2 





00: 
ee 
ye 


00: 
is 
i Sye 


00: 
ILS)g 


O58 
Der 
e2: 
e2: 


:5e: 
:e2: 
:e2: 


:e2: 
:e2: 
:e2: 


5e: 
e2: 
e2: 


5e: 
e2: 
e2: 


5e: 
e2: 


00: 
00: 
50: 
SWS 


OOF 
a018 
508 


D08 
DOs 
a08 


00: 
3)0)8 
DOs 


OOF 
50 
508 


LORS 
DOg 


00: 
Os 
53e 
Wick 


il 
S38 
wicks 


63s 
icles 


ac: 


Oly: 
6sk 
icles 


(Al 
6st 
Td: 


Oak: 
63% 


@al 


00 


e0 1 


e0 


09 
e0 
e0 


e0 
e0 
00 


O01 
e0 
e0 


02 
e0 
e0 


03 
e0 





Seeing 








ERIEILC 
Flood 
Learn 


Simalenae 





Learn 
Flood 
Balan: 
earn 
ENE Le 
lood 


ELS 


(py Teal top) feet te) s)he 
t t ct 
i) 
All-members
xe-0/0/46.0 
Router 
xe-0/0/46.0 
Router 
All-members 
Router 
xe-0/0/46.0 


ROuUtLeE 





All-members 
xe-0/0/15.0 
Router 
xe-0/0/15.0 
All-members 
Router 
xe-0/0/46.0 
Router 
All-members 
Router 
xe-0/0/46.0 
Router 


All-members 





ROULCrE 
xe-0/0/46.0 


show ethernet-switching table (Private VLANs on QFX Series, QFabric, NFX Series and EX4600)


user@switch> show ethernet-switching table 





VLAN 
pvlan 
pvilan 
pvilan 
pvilan 
C2 

e2 

cl 

cl 





Ethernet-switching tabl 


MAC 


* 


Oa 
OG)s I 
CORA 


* 


COR 


* 


OG) S IL 


10 


ntri 


3 learned 





address 





294 


294 


294 


oA 


Ox 





94 


OlOke 


ca Ol Oks 


010k 


700% 


ca Obs 


pvlan_pvlan_xe-0/0/46.0__ * 


pvlan_pvlan_xe-0/0/46.0__ 00:10:94:00:00:35 Learn 





00: 


00: 


Or 


00: 


00: 


Ss, 


02 


38) 


46 


02 


46 


Type 

Flood 
Replicated 
Replicated 
Replicated 
Flood 
Learn 


Flood 





Learn 


Flood 


Interfaces 
All-members 

- xe-0/0/28.0 

-— xe-0/0/46.0 

- xe-0/0/4.0 
All-members 
xe-0/0/28.0 
All-members 
xe-0/0/4.0 
All-members 

0 xe-0/0/46.0 




show ethernet-switching table brief (QFX Series, QFabric, NFX Series and EX4600)


user@switch> show ethernet-switching table brief 





Ethernet-switching table: 57 entries, 17 learned 



































  VLAN     MAC address        Type     Age  Interfaces
  F2       *                  Flood         All-members
  F2       00:00:05:00:00:03  Learn         xe-0/0/44.0
  F2       00:19:e2:50:7d:e0  Static        Router
  Linux    *                  Flood         All-members
  Linux    00:19:e2:50:7d:e0  Static        Router
  Linux    00:30:48:90:54:89  Learn         xe-0/0/47.0
  T1       *                  Flood         All-members
  T1       00:00:05:00:00:01  Learn         xe-0/0/46.0
  T1       00:00:5e:00:01:00  Static        Router
  T1       00:19:e2:50:63:e0  Learn         xe-0/0/46.0
  T1       00:19:e2:50:7d:e0  Static        Router
  T10      *                  Flood         All-members
  T10      00:00:5e:00:01:09  Static        Router
  T10      00:19:e2:50:63:e0  Learn         xe-0/0/46.0
  T10      00:19:e2:50:7d:e0  Static        Router
  T111     *                  Flood         All-members
  T111     00:19:e2:50:63:e0  Learn         xe-0/0/15.0
  T111     00:19:e2:50:7d:e0  Static        Router
  T111     00:19:e2:50:ac:00  Learn         xe-0/0/15.0
  T2       *                  Flood         All-members
  T2       00:00:5e:00:01:01  Static        Router
  T2       00:19:e2:50:63:e0  Learn         xe-0/0/46.0
  T2       00:19:e2:50:7d:e0  Static        Router
  T3       *                  Flood         All-members
  T3       00:00:5e:00:01:02  Static        Router
  T3       00:19:e2:50:63:e0  Learn         xe-0/0/46.0
  T3       00:19:e2:50:7d:e0  Static        Router
  T4       *                  Flood         All-members
  T4       00:00:5e:00:01:03  Static        Router
  T4       00:19:e2:50:63:e0  Learn         xe-0/0/46.0





[output truncated] 


show ethernet-switching table detail (QFX Series, QFabric, NFX Series and EX460) 


user@switch> show ethernet-switching table detail 





Ethernet-switching table: 57 entries, 17 learned 
F2, *
Interface(s): xe-0/0/44.0
Type: Flood
Nexthop index: 0

F2, 00:00:05:00:00:03
Interface(s): xe-0/0/44.0
Type: Learn, Age: 0, Learned: 2:03:09
Nexthop index: 0

F2, 00:19:e2:50:7d:e0
Interface(s): Router
Type: Static
Nexthop index: 0

Linux, *
Interface(s): xe-0/0/47.0
Type: Flood
Nexthop index: 0

Linux, 00:19:e2:50:7d:e0
Interface(s): Router
Type: Static
Nexthop index: 0

Linux, 00:30:48:90:54:89
Interface(s): xe-0/0/47.0
Type: Learn, Age: 0, Learned: 2:03:08
Nexthop index: 0

T1, *
Interface(s): xe-0/0/46.0
Type: Flood
Nexthop index: 0

T1, 00:00:05:00:00:01
Interface(s): xe-0/0/46.0
Type: Learn, Age: 0, Learned: 2:03:07
Nexthop index: 0

T1, 00:00:5e:00:01:00
Interface(s): Router
Type: Static
Nexthop index: 0

T1, 00:19:e2:50:63:e0
Interface(s): xe-0/0/46.0
Type: Learn, Age: 0, Learned: 2:03:07
Nexthop index: 0

T1, 00:19:e2:50:7d:e0
Interface(s): Router
Type: Static
Nexthop index: 0

T10, *
Interface(s): xe-0/0/46.0
Type: Flood
Nexthop index: 0

T10, 00:00:5e:00:01:09
Interface(s): Router
Type: Static
Nexthop index: 0

T10, 00:19:e2:50:63:e0
Interface(s): xe-0/0/46.0
Type: Learn, Age: 0, Learned: 2:03:08
Nexthop index: 0

T10, 00:19:e2:50:7d:e0
Interface(s): Router
Type: Static
Nexthop index: 0

T111, *
Interface(s): xe-0/0/15.0
Type: Flood
Nexthop index: 0
[output truncated] 


show ethernet-switching table extensive (QFX Series, QFabric, NFX Series and EX460) 


user@switch> show ethernet-switching table extensive 





Ethernet-switching table: 57 entries, 17 learned 
F2, *
Interface(s): xe-0/0/44.0
Type: Flood
Nexthop index: 0

F2, 00:00:05:00:00:03
Interface(s): xe-0/0/44.0
Type: Learn, Age: 0, Learned: 2:03:09
Nexthop index: 0

F2, 00:19:e2:50:7d:e0
Interface(s): Router
Type: Static
Nexthop index: 0

Linux, *
Interface(s): xe-0/0/47.0
Type: Flood
Nexthop index: 0

Linux, 00:19:e2:50:7d:e0
Interface(s): Router
Type: Static
Nexthop index: 0

Linux, 00:30:48:90:54:89
Interface(s): xe-0/0/47.0
Type: Learn, Age: 0, Learned: 2:03:08
Nexthop index: 0

T1, *
Interface(s): xe-0/0/46.0
Type: Flood
Nexthop index: 0

T1, 00:00:05:00:00:01
Interface(s): xe-0/0/46.0
Type: Learn, Age: 0, Learned: 2:03:07
Nexthop index: 0

T1, 00:00:5e:00:01:00
Interface(s): Router
Type: Static
Nexthop index: 0

T1, 00:19:e2:50:63:e0
Interface(s): xe-0/0/46.0
Type: Learn, Age: 0, Learned: 2:03:07
Nexthop index: 0

T1, 00:19:e2:50:7d:e0
Interface(s): Router
Type: Static
Nexthop index: 0

T10, *
Interface(s): xe-0/0/46.0
Type: Flood
Nexthop index: 0

T10, 00:00:5e:00:01:09
Interface(s): Router
Type: Static
Nexthop index: 0

T10, 00:19:e2:50:63:e0
Interface(s): xe-0/0/46.0
Type: Learn, Age: 0, Learned: 2:03:08
Nexthop index: 0

T10, 00:19:e2:50:7d:e0
Interface(s): Router
Type: Static
Nexthop index: 0

T111, *
Interface(s): xe-0/0/15.0
Type: Flood
Nexthop index: 0
[output truncated] 


show ethernet-switching table interface (QFX Series, QFabric, NFX Series and EX460) 


user@switch> show ethernet-switching table interface xe-0/0/1 





Ethernet-switching table: 1 unicast entries 

  VLAN   MAC address        Type    Age  Interfaces
  v1     *                  Flood   -    All-members
  v1     00:00:05:00:00:05  Learn   0    xe-0/0/1.0
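
The five-column layout in the sample output above (VLAN, MAC address, Type, Age, Interfaces) is regular enough to parse for monitoring. The following is an added example, not code from the Juniper documentation: it parses two table snapshots, reports learned MAC addresses that changed interface between them, and lists interfaces whose learned-address count exceeds a limit. The snapshots are constructed, and the function names and the limit value are assumptions for illustration.

```python
import re
from collections import Counter

# One table row: VLAN, MAC (or "*" for the flood entry), Type, Age, Interface.
ROW = re.compile(
    r"^\s*(?P<vlan>\S+)\s+"
    r"(?P<mac>\*|(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<type>[A-Za-z]+)\s+"
    r"(?P<age>-|\d+)\s+"
    r"(?P<iface>\S+)\s*$"
)

# Constructed snapshots in the layout of "show ethernet-switching table brief".
SNAPSHOT_1 = """\
Ethernet-switching table: 6 entries, 3 learned
  VLAN   MAC address        Type    Age  Interfaces
  v1     *                  Flood   -    All-members
  v1     00:00:05:00:00:05  Learn   0    xe-0/0/1.0
  v1     00:00:05:00:00:06  Learn   0    xe-0/0/2.0
  v2     *                  Flood   -    All-members
  v2     00:00:05:00:00:07  Static  -    Router
  v2     00:00:05:00:00:08  Learn   0    xe-0/0/2.0
"""

SNAPSHOT_2 = """\
Ethernet-switching table: 8 entries, 5 learned
  VLAN   MAC address        Type    Age  Interfaces
  v1     *                  Flood   -    All-members
  v1     00:00:05:00:00:05  Learn   0    xe-0/0/3.0
  v1     00:00:05:00:00:06  Learn   0    xe-0/0/2.0
  v1     00:00:05:00:00:09  Learn   0    xe-0/0/3.0
  v1     00:00:05:00:00:0A  Learn   0    xe-0/0/3.0
  v2     *                  Flood   -    All-members
  v2     00:00:05:00:00:07  Static  -    Router
  v2     00:00:05:00:00:08  Learn   0    xe-0/0/2.0
[output truncated]
"""


def parse_table(text):
    """Return one dict per table row; banner, header and marker lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        age = m.group("age")
        entries.append({
            "vlan": m.group("vlan"),
            "mac": m.group("mac").lower(),
            "type": m.group("type"),
            "age": None if age == "-" else int(age),
            "iface": m.group("iface"),
        })
    return entries


def learned_per_interface(entries):
    """Count entries of Type Learn per logical interface."""
    return dict(Counter(e["iface"] for e in entries if e["type"] == "Learn"))


def interfaces_over_limit(entries, limit):
    """Interfaces with more learned MACs than `limit` (limit is site policy)."""
    counts = learned_per_interface(entries)
    return sorted(i for i, n in counts.items() if n > limit)


def mac_moves(before, after):
    """Learned (VLAN, MAC) pairs whose interface differs between two snapshots."""
    old = {(e["vlan"], e["mac"]): e["iface"]
           for e in before if e["type"] == "Learn"}
    moves = []
    for e in after:
        key = (e["vlan"], e["mac"])
        if e["type"] == "Learn" and key in old and old[key] != e["iface"]:
            moves.append((e["vlan"], e["mac"], old[key], e["iface"]))
    return moves


if __name__ == "__main__":
    first, second = parse_table(SNAPSHOT_1), parse_table(SNAPSHOT_2)
    for vlan, mac, was, now in mac_moves(first, second):
        print(f"MOVE  {vlan} {mac}: {was} -> {now}")
    for iface in interfaces_over_limit(second, limit=2):
        print(f"LIMIT {iface}: {learned_per_interface(second)[iface]} learned MACs")
```

Static and flood entries are parsed but excluded from both checks, because only Learn entries reflect addresses taken from traffic on a port.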


show ethernet-switching table (EX Series switches) 


user@switch> show ethernet-switching table 





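Ethernet-switching table: 57 entries, 15 learned, 2 persistent
  VLAN     MAC address        Type        Age  Interfaces
  F2       *                  Flood            All-members
  F2       00:00:05:00:00:03  Learn            ge-0/0/44.0
  F2       00:19:e2:50:7d:e0  Static           Router
  Linux    *                  Flood            All-members
  Linux    00:19:e2:50:7d:e0  Static           Router
  Linux    00:30:48:90:54:89  Learn            ge-0/0/47.0
  T1       *                  Flood            All-members
  T1       00:00:05:00:00:01  Persistent       ge-0/0/46.0
  T1       00:00:5e:00:01:00  Static           Router
  T1       00:19:e2:50:63:e0  Persistent       ge-0/0/46.0
  T1       00:19:e2:50:7d:e0  Static           Router
  T10      *                  Flood            All-members
  T10      00:00:5e:00:01:09  Static           Router
  T10      00:19:e2:50:63:e0  Learn            ge-0/0/46.0
  T10      00:19:e2:50:7d:e0  Static           Router
  T111     *                  Flood            All-members
  T111     00:19:e2:50:63:e0  Learn            ge-0/0/15.0
  T111     00:19:e2:50:7d:e0  Static           Router
  T111     00:19:e2:50:ac:00  Learn            ge-0/0/15.0
  T2       *                  Flood            All-members
  T2       00:00:5e:00:01:01  Static           Router
  T2       00:19:e2:50:63:e0  Learn            ge-0/0/46.0
  T2       00:19:e2:50:7d:e0  Static           Router
  T3       *                  Flood            All-members
  T3       00:00:5e:00:01:02  Static           Router
  T3       00:19:e2:50:63:e0  Learn            ge-0/0/46.0
  T3       00:19:e2:50:7d:e0  Static           Router
  T4       *                  Flood            All-members
  T4       00:00:5e:00:01:03  Static           Router
  T4       00:19:e2:50:63:e0  Learn            ge-0/0/46.0
[output truncated]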



show ethernet-switching table brief (EX Series switches) 


user@switch> show ethernet-switching table brief 





Ethernet-switching table: 57 entries, 15 learned, 2 persistent
  VLAN     MAC address        Type        Age  Interfaces
  F2       *                  Flood            All-members
  F2       00:00:05:00:00:03  Learn       0    ge-0/0/44.0
  F2       00:19:e2:50:7d:e0  Static      0    Router
  Linux    *                  Flood            All-members
  Linux    00:19:e2:50:7d:e0  Static      0    Router
  Linux    00:30:48:90:54:89  Learn       0    ge-0/0/47.0
  T1       *                  Flood            All-members
  T1       00:00:05:00:00:01  Persistent  0    ge-0/0/46.0
  T1       00:00:5e:00:01:00  Static      0    Router
  T1       00:19:e2:50:63:e0  Persistent  0    ge-0/0/46.0
  T1       00:19:e2:50:7d:e0  Static      0    Router
  T10      *                  Flood            All-members
  T10      00:00:5e:00:01:09  Static      0    Router
  T10      00:19:e2:50:63:e0  Learn       0    ge-0/0/46.0
  T10      00:19:e2:50:7d:e0  Static      0    Router
  T111     *                  Flood            All-members
  T111     00:19:e2:50:63:e0  Learn       0    ge-0/0/15.0
  T111     00:19:e2:50:7d:e0  Static      0    Router
  T111     00:19:e2:50:ac:00  Learn       0    ge-0/0/15.0
  T2       *                  Flood            All-members
  T2       00:00:5e:00:01:01  Static      0    Router
  T2       00:19:e2:50:63:e0  Learn       0    ge-0/0/46.0
  T2       00:19:e2:50:7d:e0  Static      0    Router
  T3       *                  Flood            All-members
  T3       00:00:5e:00:01:02  Static      0    Router
  T3       00:19:e2:50:63:e0  Learn       0    ge-0/0/46.0
  T3       00:19:e2:50:7d:e0  Static      0    Router
  T4       *                  Flood            All-members
  T4       00:00:5e:00:01:03  Static      0    Router
  T4       00:19:e2:50:63:e0  Learn       0    ge-0/0/46.0
[output truncated]


show ethernet-switching table detail (EX Series switches) 


user@switch> show ethernet-switching table detail 





VLAN: default, 
Interfaces: 
ge—0/0/ LiL. 0, 


Type: Flood 


Nexthop index: 


VLAN: default, 


Type: Learn, 


Tag: 


Ethernet-switching tabl 


0, 





5 


MAC: 


ge-070/20'.0, 


LSO7 


Tees 
Age: 


0, 
0, 


MAC: 


Learned: 


ntries, 


2, Miah eGNere iG! 


ge=0/ 0/3020; 


2 learned 


ntries 





ge-0/0 


OUST s12 307 bo ios, 


ZO OOF A16 


All-members 


P36 .M,, 


Interface: 




ge-0/0/3.0 


ge-0/0/3.0 




Nexthop index: 1315 





VLAN: vl, Tag: 101, MAC: *, Interface: All-members 
IMESTOECOSS 8 
ge-0/0/31.0 
Type: Flood 

Nexthop index: 1313 


WAGAING Sill, “ewes Alo), IMUN@ Se l00)g bse S28 SiO) Sloe 2 tS), igus esos 


Type: Learn, Age: 0, Learned: 20:09:25 
Nexthop index: 1312 








VLAN: v2, Tag: 102, MAC: *, Interface: All-members 
IMESISECESS 8 
asd © 
Type: Flood 
Nexthop index: 1317 


show ethernet-switching table extensive (EX Series switches) 


user@switch> show ethernet-switching table extensive 





ge-0/0/31.0 


ntries 








VLAN: vl, Tag: 10, MAC: *, Interface: All-members 


Interfaces: 


ge-0/0/14.0, ge-0/0/1.0, ge-0/0/2.0, ge-0/0/3.0, 
Ge—0/0/ 5.0), Ge—-0/ 0/6207) ge-07 0/720, ge-0/ 07 82.0), 


ge-0/0/0.0 
Type: Flood 
Nexthop index: 567 


WAYANINE oll, Wereg 10), IMNCS OO SAIS eCOckissZe, Mineeiercicres 


Type: Static 


Nexthop index: 0 


Ethernet-switching table: 3 entries, 1 learned, 5 persistent 





VEANS Sve, Lag: LO), MAC: SOUR ZI 5Uico Sate inter rac 


Type: Learn, Age: 0, Learned: 18:40:50 





Nexthop index: 564 


show ethernet-switching table persistent-mac (EX Series switches) 


user@switch> show ethernet-switching table persistent-mac 


g 


Router 


0/0/14.0 


ge-0/0/4.0, 
ge—07 0/7 HOMO), 




  VLAN       MAC address        Type         Interface
  default    00:10:94:00:00:02  installed    ge-0/0/42.0
  default    00:10:94:00:00:03  installed    ge-0/0/42.0
  default    00:10:94:00:00:04  installed    ge-0/0/42.0
  default    00:10:94:00:00:05  installed    ge-0/0/42.0
  default    00:10:94:00:00:06  installed    ge-0/0/42.0
  default    00:10:94:00:05:02  uninstalled  ge-0/0/16.0
  default    00:10:94:00:06:03  uninstalled  ge-0/0/16.0
  default    00:10:94:00:07:04  uninstalled  ge-0/0/16.0


show ethernet-switching table persistent-mac interface ge-0/0/16.0 (EX Series switches) 


  VLAN       MAC address        Type         Interface
  default    00:10:94:00:05:02  uninstalled  ge-0/0/16.0
  default    00:10:94:00:06:03  uninstalled  ge-0/0/16.0
  default    00:10:94:00:07:04  uninstalled  ge-0/0/16.0


show ethernet-switching table (EX Series, MX Series and QFX Series) 


user@host> show ethernet-switching table 


MAC flags (S - static MAC, 





Routing instance 
Vian 
name 


VLAN101 


default-—switch 
MAC 


D = Chyanemie WNC, Ih = JIhee@aiilily 
SE - statistics enabled, NM 


address 


SS} S10) 8 36 S} Biol) 3 (0) 7S 1210) D 


MAC flags (S - static MAC, 





Routing instance 


default-—switch 


— non configured MAC, 


learned 




R — remote PE MAC) 


MAC Age Logical 
flags interface 
= AS20) 0 
D - dynamic MAC, L - locally learned 


SE -— statistics enabled, NM 


— non configured MAC, 


R — remote PI 


Vlan MAC MAC Age Logical 
name address flags interface 
VLAN102 88:e0:f£3:bb:07:f0 D = ae20.0 
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned 
SE - statistics enabled, NM —- non configured MAC, R - remote PI 





Routing instance 


default-—switch 








E MAC) 





E MAC) 


Vian 
name 


VLAN103 


MAC flags 
SE 





Routing instance 


Vian 
name 


VLAN104 


MAC flags 
SE 





Routing instance 
Vian 
name 


VLAN1101 


MAC flags 
SE 





Routing instance 
Vian 
name 


VLAN1102 


MAC flags 
SE 





Routing instance 
Vian 
name 


VLAN1103 


MAC flags (S 


n 





(Si wsitatk tom MACE 


(S — static MAC, 


(S = static MAC, 


(S = static MAC, 


— static MAC, 


MAC 
address 
se eOl Eon bbeyOie: 


Deneve 


— statistics enabled, NM 


default-switch 
MAC 
address 
Sis) GSO) 8 26.5) B1S1o)8 (0) 7/ & 


DY = Chyna 


— statistics enabled, NM 


default-switch 
MAC 
address 
OO ¢ Wie 3 129 32 9365 8 


D - dynamic 


— statistics enabled, NM 


default-switch 
MAC 
address 
OOg Iie LZR S23 Se 


ID = Chynennave 


— statistics enabled, NM 


default-switch 
MAC 
address 
OO iit 3 29 3.2 6 i165 ¢ 


D - dynamic 


E - statistics enabled, NM 


MAC 
flags 
£0 D 


MNGi) = lkeo@allily 


— non configured 


MAC 
flags 
£0 D 


MAC apm nOc culalay, 


— non configured 


MAC 
flags 
ql D 


MAC, Ib = Jllo@alillly 


— non configured 


MAC 
flags 
oll D 


MAC le eenOcalally, 


— non configured 


MAC 
flags 
ul D 


MAC, I = llhoe@allily 


— non configured 










Age Logical 
interface 
= ae20.0 
learned 
MAC, R -— remote PE MAC) 
Age Logical 
interface 
= ae20.0 
learned 
MAC, R — remote PE MAC) 
Age Logical 
interface 
= ae0.0 
learned 
MAC, R -— remote PE MAC) 





Age Logical 
interface 
= ae0.0 
learned 
MAC, R — remote PE MAC) 





Age Logical 
interface 
= ae0.0 
learned 
MAC, R -— remote PE MAC) 





Routing instance 
Vian 
name 


VLAN1104 


MAC flags 





Routing instance 
Vian 
name 


VLAN1105 


MAC flags 





Routing instance 
Vian 
name 


VLAN1106 


(S = static MAC, 
SE -— statistics enabled, NM 


(S = static MAC, 
SE - statistics enabled, NM 


default-switch 
MAC 
address 
OO ¢ dies 23 32 9365) 3 iil 


D - dynamic MAC, 


default-switch 
MAC 
address 
WOgLesilsrS23e See 


D - dynamic MAC, 


default-switch 
MAC 
address 
OOgiwesils3 32615 8 el 


[...output truncated...]


show ethernet-switching table brief 


user@host> show ethernet-switching table brief 


MAC flags 





Routing instance 
Vian 
name 


VLAN101 


MAC flags 





Routing instance 
Vian 
name 


VLAN102 


(S = static MAC, 


(S = static MAC, 


D - dynamic MAC, 


default-switch 
MAC 
address 
SSS S10) 8 16S) Bios) 8 (0) 7/ § 1210) 


D - dynamic MAC, 


default-switch 
MAC 
address 
HS SSO) 8 16S) Glog g 07/8 20) 


MAC 
flags 


ib = lloeaillly 


— non configured 


MAC 
flags 


Oc culaliy, 


— non configured 


MAC 
flags 


ib = lloealllly 


SE -— statistics enabled, NM - non configured 


MAC 
flags 
D 


eno cculaliy, 


SE -— statistics enabled, NM - non configured 


MAC 
flags 
D 


Age
Logical
interface 


ae0.0 


learned 


MAC, 


Age 





MAC) 


Gi 


R — remote P! 


Logical 
interface 


ae0.0 


learned 


MAC, 


Age 





R -— remote PE MAC) 


E 


Logical 
interface 


ae0.0 


learned 


MAC, 


Age 


R -— remote PE MAC) 





Logical 
interface 


ae20.0 


learned 


MAC, 


Age 





Ba 


R — remote PE MAC) 


Logical 
interface 


ae20.0


MAC flags (S - static MAC, D - dynamic MAC, L - locally learned
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC)

Routing instance : default-switch
    Vlan        MAC                  MAC      Age    Logical
    name        address              flags           interface
    VLAN103     88:e0:f3:bb:07:f0    D        -      ae20.0


MAC flags (S - static MAC, D - dynamic MAC, L - locally learned
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC)

Routing instance : default-switch
    Vlan        MAC                  MAC      Age    Logical
    name        address              flags           interface
    VLAN104     88:e0:f3:bb:07:f0    D        -      ae20.0


MAC flags (S - static MAC, D - dynamic MAC, L - locally learned
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC)


Routing instance : default-switch 


Vlan MAC MAC Age Logical 
name address flags interface 
VLAN1101 Og thie 3 28 S29 365 oe D = ae0.0 


[...output truncated...]


show ethernet-switching table count 


user@host> show ethernet-switching table count 


0 MAC address learned in routing instance default-switch VLAN VLAN1000 
ae26.0:1000 


1 MAC address learned in routing instance default-switch VLAN VLAN101 
ae20.0:101 


MAC address count per learn VLAN within routing instance: 
Learn VLAN ID MAC count Static MAC count 


101 1 0


1 MAC address learned in routing instance default-switch VLAN VLAN102 


ae20.0:102 


MAC address count per learn VLAN within routing instance: 
Learn VLAN ID MAC count Static MAC count 
102 1 0


1 MAC address learned in routing instance default-switch VLAN VLAN103 
ae20.0:103 


MAC address count per learn VLAN within routing instance: 
Learn VLAN ID MAC count Static MAC count 
103 1 0


1 MAC address learned in routing instance default-switch VLAN VLAN104 
ae20.0:104 


MAC address count per learn VLAN within routing instance: 
Learn VLAN ID MAC count Static MAC count 
104 1 0


0 MAC address learned in routing instance default-switch VLAN VLAN105 
ae20.0:105


0 MAC address learned in routing instance default-switch VLAN VLAN106 
ae20.0:106 


0 MAC address learned in routing instance default-switch VLAN VLAN107 
ae20.0:107 


0 MAC address learned in routing instance default-switch VLAN VLAN108
ae20.0:108 


0 MAC address learned in routing instance default-switch VLAN VLAN109 
ae20.0:109 


0 MAC address learned in routing instance default-switch VLAN VLAN110 
ae20.0:110 


1 MAC address learned in routing instance default-switch VLAN VLAN1101 
ae0.0:1101 


MAC address count per learn VLAN within routing instance: 
Learn VLAN ID MAC count Static MAC count 
1101 1 0


1 MAC address learned in routing instance default-switch VLAN VLAN1102
ae0.0:1102 


MAC address count per learn VLAN within routing instance: 
Learn VLAN ID MAC count Static MAC count 
1102 1 0


[...output truncated...]


show ethernet-switching table extensive 


user@host> show ethernet-switching table extensive 


MAC address: 88:e0:f3:bb:07:f0
Routing instance: default-switch
VLAN ID: 101
Learning interface: ae20.0
Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd
Epoch: 0                Sequence number: 2
Learning mask: 0x00000008


MAC address: 88:e0:f3:bb:07:f0
Routing instance: default-switch
VLAN ID: 102
Learning interface: ae20.0
Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd
Epoch: 0                Sequence number: 2
Learning mask: 0x00000008


MAC address: 88:e0:f3:bb:07:f0
Routing instance: default-switch
VLAN ID: 103
Learning interface: ae20.0
Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd
Epoch: 0                Sequence number: 2
Learning mask: 0x00000008


MAC address: 88:e0:f3:bb:07:f0
Routing instance: default-switch
VLAN ID: 104
Learning interface: ae20.0
Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd
Epoch: 0                Sequence number: 2
Learning mask: 0x00000008


MAG acl cise sists0 Or aee see so acehorieu: 


Routing instance: default-switch 


VLAN ID: 1101 


Layer 2 flags: 
Epoch: 0 





Learning mask: 


Learning interface: ae0.0 


ain Ines, alin _abieel, skin alse dl, aii wllaial, aim _seieie 5 leSueinveil , shiny al icloyel 





Sequence number: 2 
0x00000008 


MAC waclelisSsisii0 Onell orem iene 


Routing instance: default-switch 


VLAN ID: 1102 


Layer 2 flags: 
Epoch: 0 





Learning mask: 


Learning interface: ae0.0 


aija_Ineisiloy,, ajo _aliecl, skin alse Jl. ain _svilaua, Tin FACIE p RSIEIMNEUL p Lig_AL Eloyel 





Sequence number: 2 
0x00000008 


MAC waceliaSsicti 0 Uren se2 oie oniel: 


Routing instance: default-switch 


VLAN ID: 1103 


Layer 2 flags: 
Epoch: 0 





Learning mask: 


Learning interface: ae0.0 


akin _lovevsiiel, akigl alse, alin alse dl atin _wwllaial, stim seieie 5 leeueinvell stig al izloxel 





Sequence number: 2 
0x00000008 


MAC Mac cisesisi-a0 On aberdeo esse morte: 


Routing instance: default-switch 


VLAN ID: 1104 


Layer 2 flags: 
Epoch: 0 





Learning mask: 


| Sample Output 


Learning interface: ae0.0 


iin _Inevsile, alin abieel, sig alse dl, atin wilaial, aim sell 5 leSueinvell sligy sl ieloxel 





Sequence number: 2 
0x00000008 


show ethernet-switching table detail (SRX Series) 


user@host> show ethernet-switching table detail 





Ethernet-switching table: 57 entries, 17 learned 
2, 





Interface(s): 


Type: Flood 


WZ, OOS WO Siac 





ge-0/0/44.0 


OOVSS2 Ac 





Interface(s): 


Typos: Learn, 


2, WOE Os Sia.e 





Interface (s): 


Iyisss Sica se 


IaLigbe, 5 


ge-0/0/44.0 
Age: 0, Learned: 2:03:09 
00:53:AA 


Router 





Interface(s): 


Type: Flood 


Iban, OO 300s 


Interface (s): 


Type: Static 


inalioges, (00:3 010) 2 


ge-0/0/47.0 


Oo 


E:00:53:AB 


ROULCer 





SE OOP oS Ae 





Interface(s): 


yoos Learn, 
Tl, * 


ge-0/0/47.0 
Age: 0, Learned: 2:03:08 





Type: Flood 





Interface(s): 


TW GOIN GEES Si 


ge-0/0/46.0 
OO Se AD 
ge-0/0/46.0 





iyoe: Learn, 


eV OC MES clesaC! 





Interface(s): 


Ti, OO SOs Sine 


Interface (s): 


dy OOS OU SEs 


Age: 0, Learned: 2:03:07 
00:53:AE 


Router 


OOF Sse Ar 





yoo: Learn, 





IVyioes Siecle 
TO, 


Interface(s): 


TL, O020025E: 


Interface (s): 


ge-0/0/46.0 
Age: 0, Learned: 2:03:07 
OURS AG 


Router 





Type: Flood 


Type: Static 
OPO ORO Orr S 


Interface(s): 


Interface (s): 


ge-0/0/46.0 


TiO, CO2002 SE 200 +53 An 


Router 


TSOOSSsig Aur 








iyoss Learn, 
FLO, OOSWO¢g SI 


Interface(s): 


ge-0/0/46.0 
Age: 0, Learned: 2:03:08 
HEOORSS oA 








IVisSs Siege Le 


Interface (s): 


Router
Willi,





Type: Flood 





Interface(s): 


ge-0/0/15.0 


[output truncated]


| Sample Output 


show ethernet-switching table extensive (SRX Series) 


user@host> show ethernet-switching table extensive 





BB, * 


Ethernet-switching table: 57 entries, 17 learned 





Interface(s): 


Type: Flood 


2, (OOS ONS Sia,8 





ge-0/0/44.0 


OOS EAA 





Interface(s): 


ivype: Learn, 


WAZ, OW s0)s Siars 





Interface (s): 


Type: Static 


Ibs igiwise, 25 


ge-0/0/44.0 
Age: 0, Learned: 2:03:09 
00:53:AA 


Router 





Interface(s): 


Type: Flood 


inakioge, WO3Ol0 


Interface (s): 


TVOSe SEAELS 


Inala (0) 30/10) 2 


ge-0/0/47.0 


Oo 


13,9 OOS HS o yA} 


ROULCeE 





518, 3 OWS BS gINC 





Interface(s): 


lvoe: Learn, 
Tl, * 


ge-0/0/47.0 
Age: 0, Learned: 2:03:08 





Type: Flood 





Interface(s): 


TL, O02002 SEs 


ge-0/0/46.0 


ORS -AD) 





voe;. Learn, 





TVS Siescae 





Interface(s): 


Ti COS 00 25E> 


Interface(s): 


TL, OOS0025E: 


ge-0/0/46.0 
Age: 0, Learned: 2:03:07 
00:53:AE 





Roweer 


OOS re 








ype: Learn, 


Interface(s): 


ge-0/0/46.0 
Age: 0, Learned: 2:03:07
Ti, OOSOO2s Sia 200s 53s NE





Interface(s): Router 
Iyioes Stace 

TLO; * 

Interface(s): ge-0/0/46.0 





Type: Flood 
TiO, CO200 SSE 00+ 537A 





Interface(s): Router 
Type: Static 

TiO, OUS00s Sh 00s 53241 
Interface(s): ge-0/0/46.0 











LLG, OWS OOS Sis 2OO)R 53} 9 Aur 
Interface(s): Router 
IVisSss Sica se 

waMil, * 

Interface(s): ge-0/0/15.0 





Type: Flood 





[output truncated]


| Sample Output 


Type: Learn, Age: 0, Learned: 2:03:08 


show ethernet-switching table interface ge-0/0/1 (SRX Series) 


user@host> show ethernet-switching table interface ge-0/0/1 





Ethernet-switching table: 


VLAN MAC address 
Wal * 
vali OOOO SR OOo Ar 





1 unicast entries 

Type Age Interfaces 
Flood — All-members 
Learn 0 ge-0/0/1.0


| show igmp-snooping route (View)
Syntax 


show igmp-snooping route ( brief | detail | ethernet-switching | inet | vlan) 


Release Information 
Command introduced in Junos OS Release 9.5. 


Description 


Display IGMP snooping route information. 

Options 

• none—Display general parameters.

• brief | detail—(Optional) Display the specified level of output.

• ethernet-switching—(Optional) Display Ethernet switching information.

• inet—(Optional) Display inet information.

• vlan vlan-id | vlan-name—(Optional) Display route information for the specified VLAN.


Required Privilege Level 
view 


RELATED DOCUMENTATION 


Understanding Interfaces | 29 


Output Fields 
Table 56 on page 830 lists the output fields for the show igmp-snooping route command. Output fields are 
listed in the approximate order in which they appear. 


Table 56: show igmp-snooping route Output Fields 


Field Name    Field Description
VLAN          Name of the VLAN.
Group         Multicast group address.
Next-hop      ID associated with the next-hop device.


| Sample Output


show igmp-snooping route 


user@host> show igmp-snooping route 


VLAN Group Next-hop
wlll AVS>O sLLS oO, * BSS) 
Interfaces: ge-0/0/13.0, ge-0/0/1.0 
wile 2030.0 51s 5, 534 
Interfaces: ge-0/0/13.0, ge-0/0/0.0 


show igmp-snooping route vlan v1 


user@host> show igmp-snooping route vlan v1 











Taloles © 

VLAN Group Next-hop
vl ZQS 50 .1L3.2, % 1266 
Interfaces: ge-0/0/0.0 

vl AOS >sO,1ls ody 1266 
Interfaces: ge-0/0/0.0 

vl AQSo 0,13 s4, * 1266 
Interfaces: ge-0/0/0.0 

vl AOS .O cL sd, * 1266 
Interfaces: ge-0/0/0.0 

vl AOS sOoLls.6, © 1266 
Interfaces: ge-0/0/0.0 

vl Z0S .0 .1L3.6, % 1266 
Interfaces: ge-0/0/0.0 


| show interfaces 


List of Syntax 

Syntax (Gigabit Ethernet) on page 832 

Syntax (10 Gigabit Ethernet) on page 832 

Syntax (ACX5448, ACX5448-D, ACX710) on page 832 

Syntax (SRX Series Devices and (vSRX and vSRX 3.0 platforms)) on page 832 


Syntax (Gigabit Ethernet) 


show interfaces ge-fpc/pic/port 
<brief | detail | extensive | terse> 
<descriptions> 

<media> 

<snmp-index snmp-index> 
<statistics> 


Syntax (10 Gigabit Ethernet) 


show interfaces xe-fpc/pic/port 
<brief | detail | extensive | terse> 
<descriptions> 

<media> 

<snmp-index snmp-index> 
<statistics> 


Syntax (ACX5448, ACX5448-D, ACX710) 


show interfaces et-fpc/pic/port 
<brief | detail | extensive | terse> 
<descriptions> 

<media> 

<snmp-index snmp-index> 
<statistics> 


Syntax (SRX Series Devices and (vSRX and vSRX 3.0 platforms)) 


show interfaces (
<interface-name>
<brief | detail | extensive | terse>
<controller interface-name>|
<descriptions interface-name>|
<destination-class (all | destination-class-name logical-interface-name)>|
<diagnostics optics interface-name>| 

<far-end-interval interface-fpc/pic/port>| 

<filters interface-name>| 

<flow-statistics interface-name>| 

<interval interface-name>| 

<load-balancing (detail | interface-name)>| 

<mac-database mac-address mac-address>| 

<mc-ae id identifier unit number revertive-info>| 

<media interface-name>| 

<policers interface-name>| 

<queue both-ingress-egress egress forwarding-class forwarding-class ingress l2-statistics>|
<redundancy (detail | interface-name)>| 

<routing brief detail summary interface-name>| 

<routing-instance (all | instance-name)>| 

<snmp-index snmp-index>| 

<source-class (all | destination-class-name logical-interface-name)>| 
<statistics interface-name>| 

<switch-port switch-port number>| 

<transport pm (all | optics | otn) (all | current | currentday | interval | previousday) (all | interface-name) >| 
<zone interface-name> 


Release Information 

Command introduced before Junos OS Release 7.4 for Gigabit interfaces. 

Command introduced in Junos OS Release 8.0 for 10 Gigabit interfaces. 

Command modified in Junos OS Release 9.5 for SRX Series devices. 

Command introduced in Junos OS Release 18.1 for Gigabit interfaces. 

Command modified in Junos OS Release 19.3R1 for MX Series Routers. 

Starting in Junos OS Release 19.3R1, the output fields Ifindex and speed are modified in the show interfaces
interface name extensive command on all MX Series routers.


• The default behavior of the WAN-PHY interface remains the same. The new precise-bandwidth option
reflects the new speed (9.294-Gbps) configured on the supported line cards.
• The WAN-PHY framing mode is supported only on MPC5E and MPC6E line cards.


Starting in Junos OS Release 19.3R1, class of service (CoS) features can be configured on the physical 
interface with speed rates of 1-Gbps, 10-Gbps, 40-Gbps, and 100-Gbps to provide better bandwidth for 
processing traffic during congestion using variant speeds. 


Description 


Display status information about the specified Gigabit Ethernet interface.
(M320, M120, MX Series, and T Series routers only) Display status information about the specified
10-Gigabit Ethernet interface.


Display the IPv6 interface traffic statistics about the specified Gigabit Ethernet interface for MX Series
routers. The input and output bytes (bps) and packets (pps) rates are not displayed for IFD and local traffic.


Display status information and statistics about interfaces on SRX Series, vSRX, and vSRX 3.0 platforms 
running Junos OS. 


SRX4600 supports 40-Gigabit Ethernet breakouts only in PIC mode. Use the show interfaces extensive 
command to view the speed configured for the interface on SRX4600. Reboot the device for the changed 
configuration to take effect. 


On SRX Series appliances, on configuring identical IPs on a single interface, you will not see a warning 
message; instead, you will see a syslog message. 


Starting in Junos OS Release 18.4R1, the output fields Next-hop and vpls-status are displayed in the show
interfaces interface name detail command, only for Layer 2 protocols on MX480 routers.


In Junos OS Releases 19.2R3, 19.3R3, 19.4R3, 20.1R2, and 20.2R1, on QFX5120-48Y switch, the show 

interfaces interface-name <media> <extensive> command displays the autonegotiation status only for the 
interface that supports autonegotiation. This is applicable when the switch operates at 1-Gbps speed. In 
the earlier Junos Releases, incorrect autonegotiation status was displayed even when the autonegotiation 
was disabled. 


Options 


For Gigabit interfaces: 


ge-fpc/pic/port—Display standard information about the specified Gigabit Ethernet interface. 


NOTE: Interfaces with different speeds are named uniformly with ge-0/0/x for backward 
compatibility. Use the show interfaces command to view the interface speeds. 


brief | detail | extensive | terse—(Optional) Display the specified level of output. 
descriptions—(Optional) Display interface description strings. 

media—(Optional) Display media-specific information about network interfaces. 

snmp-index snmp-index—(Optional) Display information for the specified SNMP index of the interface. 
statistics—(Optional) Display static interface statistics. 

For 10 Gigabit interfaces: 


xe-fpc/pic/port—Display standard information about the specified 10-Gigabit Ethernet interface.
brief | detail | extensive | terse—(Optional) Display the specified level of output.
descriptions—(Optional) Display interface description strings. 

media—(Optional) Display media-specific information about network interfaces. 

snmp-index snmp-index—(Optional) Display information for the specified SNMP index of the interface. 
statistics—(Optional) Display static interface statistics. 

For SRX interfaces: 


• interface-name—(Optional) Display standard information about the specified interface. Following is a
list of typical interface names. Replace pim with the PIM slot and port with the port number.

  • at-pim/0/port—ATM-over-ADSL or ATM-over-SHDSL interface.
  • ce1-pim/0/port—Channelized E1 interface.
  • cl-0/0/8—3G wireless modem interface for SRX320 devices.
  • ct1-pim/0/port—Channelized T1 interface.
  • dl0—Dialer Interface for initiating ISDN and USB modem connections.
  • e1-pim/0/port—E1 interface.
  • e3-pim/0/port—E3 interface.
  • fe-pim/0/port—Fast Ethernet interface.
  • ge-pim/0/port—Gigabit Ethernet interface.
  • se-pim/0/port—Serial interface.
  • t1-pim/0/port—T1 (also called DS1) interface.
  • t3-pim/0/port—T3 (also called DS3) interface.
  • wx-slot/0/0—WAN acceleration interface, for the WXC Integrated Services Module (ISM 200).




Additional Information 


In a logical system, this command displays information only about the logical interfaces and not about the 
physical interfaces. 


Required Privilege Level 
view 


Release History Table 


Release    Description 

19.2R3     In Junos OS Releases 19.2R3, 19.3R3, 19.4R3, 20.1R2, and 20.2R1, on the QFX5120-48Y switch, the show interfaces interface-name <media> <extensive> command displays the autonegotiation status only for the interface that supports autonegotiation. 

18.4R1     Starting in Junos OS Release 18.4R1, the output fields Next-hop and vpls-status are displayed in the show interfaces interface-name detail command only for Layer 2 protocols on MX480 routers. 


RELATED DOCUMENTATION 


Understanding Layer 2 Interfaces on Security Devices 
Verifying and Managing Agent Circuit Identifier-Based Dynamic VLAN Configuration 


Verifying and Managing Configurations for Dynamic VLANs Based on Access-Line Identifiers 


List of Sample Output 

show interfaces terse (ACX5448, ACX5448-D, ACX710 channelized interface) 
show interfaces (Gigabit Ethernet) 
show interfaces (Gigabit Ethernet on MX Series Routers) 
show interfaces (link degrade status) 
show interfaces extensive (Gigabit Ethernet on MX Series Routers showing interface transmit statistics configuration) 
show interfaces brief (Gigabit Ethernet) 
show interfaces detail (Gigabit Ethernet) 
show interfaces extensive (Gigabit Ethernet IQ2) 
show interfaces (Gigabit Ethernet Unnumbered Interface) 
show interfaces (ACI Interface Set Configured) 
show interfaces (ALI Interface Set) 
show interfaces extensive (10-Gigabit Ethernet, LAN PHY Mode, IQ2) 
show interfaces extensive (10-Gigabit Ethernet, WAN PHY Mode) 
show interfaces extensive (10-Gigabit Ethernet, DWDM OTN PIC) 
show interfaces extensive (10-Gigabit Ethernet, LAN PHY Mode, Unidirectional Mode) 
show interfaces extensive (10-Gigabit Ethernet, LAN PHY Mode, Unidirectional Mode, Transmit-Only) 
show interfaces extensive (10-Gigabit Ethernet, LAN PHY Mode, Unidirectional Mode, Receive-Only) 
Sample Output SRX Gigabit Ethernet 
Sample Output SRX Gigabit Ethernet 
show interfaces (Gigabit Ethernet for vSRX and vSRX 3.0) 
show interfaces detail (Gigabit Ethernet) 
show interfaces statistics st0.0 detail 
show interfaces extensive (Gigabit Ethernet) 
show interfaces terse 
show interfaces terse (vSRX and vSRX 3.0) 
show interfaces controller (Channelized E1 IQ with Logical E1) 
show interfaces controller (Channelized E1 IQ with Logical DS0) 
show interfaces descriptions 
show interfaces destination-class all 
show interfaces diagnostics optics 
show interfaces far-end-interval coc12-5/2/0 
show interfaces far-end-interval coc1-5/2/1:1 
show interfaces filters 
show interfaces flow-statistics (Gigabit Ethernet) 
show interfaces interval (Channelized OC12) 
show interfaces interval (E3) 
show interfaces interval (SONET/SDH) (SRX devices) 
show interfaces load-balancing (SRX devices) 
show interfaces load-balancing detail (SRX devices) 
show interfaces mac-database (All MAC Addresses on a Port SRX devices) 
show interfaces mac-database (All MAC Addresses on a Service SRX devices) 
show interfaces mac-database mac-address 
show interfaces mc-ae (SRX devices) 
show interfaces media (SONET/SDH) 
show interfaces policers (SRX devices) 
show interfaces policers interface-name (SRX devices) 
show interfaces queue (SRX devices) 
show interfaces redundancy (SRX devices) 
show interfaces redundancy (Aggregated Ethernet SRX devices) 
show interfaces redundancy detail (SRX devices) 
show interfaces routing brief (SRX devices) 
show interfaces routing detail (SRX devices) 
show interfaces routing-instance all (SRX devices) 
show interfaces snmp-index (SRX devices) 
show interfaces source-class all (SRX devices) 
show interfaces statistics (Fast Ethernet SRX devices) 
show interfaces switch-port (SRX devices) 
show interfaces transport pm (SRX devices) 
show security zones (SRX devices) 


Output Fields 


Table 57 on page 838 describes the output fields for the show interfaces (Gigabit Ethernet) command. 
Output fields are listed in the approximate order in which they appear. For Gigabit Ethernet IQ and IQE 
PICs, the traffic and MAC statistics vary by interface type. For more information, see Table 58 on page 877. 


Table 57: show interfaces (Gigabit Ethernet) Output Fields 


Physical Interface 

Field Name: Physical interface 
Level of Output: All levels 
Field Description: Name of the physical interface. 

Field Name: Enabled 
Level of Output: All levels 
Field Description: State of the interface. Possible values are described in the “Enabled Field” section under Common Output Fields Description. 

Field Name: Interface index 
Level of Output: detail extensive none 
Field Description: Index number of the physical interface, which reflects its initialization sequence. 

Field Name: SNMP ifIndex 
Level of Output: detail extensive none 
Field Description: SNMP index number for the physical interface. 

Field Name: Generation 
Level of Output: detail extensive 
Field Description: Unique number for use by Juniper Networks technical support only. 

Field Name: Link-level type 
Level of Output: All levels 
Field Description: Encapsulation being used on the physical interface. 

Field Name: MTU 
Level of Output: All levels 
Field Description: Maximum transmission unit size on the physical interface. 

Field Name: Speed 
Level of Output: All levels 
Field Description: Speed at which the interface is running. 

Field Name: Loopback 
Level of Output: All levels 
Field Description: Loopback status: Enabled or Disabled. If loopback is enabled, type of loopback: Local or Remote. 


Field Name: Source filtering 
Level of Output: All levels 
Field Description: Source filtering status: Enabled or Disabled. 

Field Name: LAN-PHY mode 
Level of Output: All levels 
Field Description: 10-Gigabit Ethernet interface operating in Local Area Network Physical Layer Device (LAN PHY) mode. LAN PHY allows 10-Gigabit Ethernet wide area links to use existing Ethernet applications. 

Field Name: WAN-PHY mode 
Level of Output: All levels 
Field Description: 10-Gigabit Ethernet interface operating in Wide Area Network Physical Layer Device (WAN PHY) mode. WAN PHY allows 10-Gigabit Ethernet wide area links to use fiber-optic cables and other devices intended for SONET/SDH. 

Field Name: Unidirectional 
Level of Output: All levels 
Field Description: Unidirectional link mode status for 10-Gigabit Ethernet interface: Enabled or Disabled for parent interface; Rx-only or Tx-only for child interfaces. 

Field Name: Flow control 
Level of Output: All levels 
Field Description: Flow control status: Enabled or Disabled. 

Field Name: Auto-negotiation 
Level of Output: All levels 
Field Description: (Gigabit Ethernet interfaces) Autonegotiation status: Enabled or Disabled. 

Field Name: Remote-fault 
Level of Output: All levels 
Field Description: (Gigabit Ethernet interfaces) Remote fault status: 
• Online—Autonegotiation is manually configured as online. 
• Offline—Autonegotiation is manually configured as offline. 

Field Name: Device flags 
Level of Output: All levels 
Field Description: Information about the physical device. Possible values are described in the “Device Flags” section under Common Output Fields Description. 

Field Name: Interface flags 
Level of Output: All levels 
Field Description: Information about the interface. Possible values are described in the “Interface Flags” section under Common Output Fields Description. 

Field Name: Link flags 
Level of Output: All levels 
Field Description: Information about the link. Possible values are described in the “Links Flags” section under Common Output Fields Description. 

Field Name: Wavelength 
Level of Output: All levels 
Field Description: (10-Gigabit Ethernet dense wavelength-division multiplexing [DWDM] interfaces) Displays the configured wavelength, in nanometers (nm). 

Field Name: Frequency 
Level of Output: All levels 
Field Description: (10-Gigabit Ethernet DWDM interfaces only) Displays the frequency associated with the configured wavelength, in terahertz (THz). 

Field Name: CoS queues 
Level of Output: detail extensive none 
Field Description: Number of CoS queues configured. 

Field Name: Schedulers 
Level of Output: extensive 
Field Description: (Gigabit Ethernet intelligent queuing 2 [IQ2] interfaces only) Number of CoS schedulers configured. 


Field Name: Hold-times 
Level of Output: detail extensive 
Field Description: Current interface hold-time up and hold-time down, in milliseconds (ms). 

Field Name: Current address 
Level of Output: detail extensive none 
Field Description: Configured MAC address. 

Field Name: Hardware address 
Level of Output: detail extensive none 
Field Description: Hardware MAC address. 

Field Name: Last flapped 
Level of Output: detail extensive none 
Field Description: Date, time, and how long ago the interface went from down to up. The format is Last flapped: year-month-day hour:minute:second:timezone (hour:minute:second ago). For example, Last flapped: 2002-04-26 10:52:40 PDT (04:33:20 ago). 

Field Name: Input Rate 
Level of Output: None 
Field Description: Input rate in bits per second (bps) and packets per second (pps). The value in this field also includes the Layer 2 overhead bytes for ingress traffic on Ethernet interfaces if you enable accounting of Layer 2 overhead at the PIC level or the logical interface level. 

Field Name: Output Rate 
Level of Output: None 
Field Description: Output rate in bps and pps. The value in this field also includes the Layer 2 overhead bytes for egress traffic on Ethernet interfaces if you enable accounting of Layer 2 overhead at the PIC level or the logical interface level. 

Field Name: Statistics last cleared 
Level of Output: detail extensive 
Field Description: Time when the statistics for the interface were last set to zero. 

Field Name: Egress account overhead 
Level of Output: detail extensive 
Field Description: Layer 2 overhead in bytes that is accounted in the interface statistics for egress traffic. 

Field Name: Ingress account overhead 
Level of Output: detail extensive 
Field Description: Layer 2 overhead in bytes that is accounted in the interface statistics for ingress traffic. 


Field Name: Traffic statistics 
Level of Output: detail extensive 
Field Description: Number and rate of bytes and packets received and transmitted on the physical interface. 
• Input bytes—Number of bytes received on the interface. The value in this field also includes the Layer 2 overhead bytes for ingress traffic on Ethernet interfaces if you enable accounting of Layer 2 overhead at the PIC level or the logical interface level. 
• Output bytes—Number of bytes transmitted on the interface. The value in this field also includes the Layer 2 overhead bytes for egress traffic on Ethernet interfaces if you enable accounting of Layer 2 overhead at the PIC level or the logical interface level. 
• Input packets—Number of packets received on the interface. 
• Output packets—Number of packets transmitted on the interface. 

Gigabit Ethernet and 10-Gigabit Ethernet IQ PICs count the overhead and CRC bytes. 

For Gigabit Ethernet IQ PICs, the input byte counts vary by interface type. For more information, see Table 31 under the show interfaces Command. 

Field Name: Input errors 
Level of Output: extensive 
Field Description: Input errors on the interface. The following paragraphs explain the counters whose meaning might not be obvious: 
• Errors—Sum of the incoming frame aborts and FCS errors. 
• Drops—Number of packets dropped by the input queue of the I/O Manager ASIC. If the interface is saturated, this number increments once for every packet that is dropped by the ASIC's RED mechanism. 
• Framing errors—Number of packets received with an invalid frame checksum (FCS). 
• Runts—Number of frames received that are smaller than the runt threshold. 
• Policed discards—Number of frames that the incoming packet match code discarded because they were not recognized or not of interest. Usually, this field reports protocols that Junos OS does not handle. 
• L3 incompletes—Number of incoming packets discarded because they failed Layer 3 (usually IPv4) sanity checks of the header. For example, a frame with less than 20 bytes of available IP header is discarded. L3 incomplete errors can be ignored by configuring the ignore-l3-incompletes statement. 
• L2 channel errors—Number of times the software did not find a valid logical interface for an incoming frame. 
• L2 mismatch timeouts—Number of malformed or short packets that caused the incoming packet handler to discard the frame as unreadable. 
• FIFO errors—Number of FIFO errors in the receive direction that are reported by the ASIC on the PIC. If this value is ever nonzero, the PIC is probably malfunctioning. 
• Resource errors—Sum of transmit drops. 

Field Name: Output errors 
Level of Output: extensive 
Field Description: Output errors on the interface. The following paragraphs explain the counters whose meaning might not be obvious: 
• Carrier transitions—Number of times the interface has gone from down to up. This number does not normally increment quickly, increasing only when the cable is unplugged, the far-end system is powered down and then up, or another problem occurs. If the number of carrier transitions increments quickly (perhaps once every 10 seconds), the cable, the far-end system, or the PIC or PIM is malfunctioning. 
• Errors—Sum of the outgoing frame aborts and FCS errors. 
• Drops—Number of packets dropped by the output queue of the I/O Manager ASIC. If the interface is saturated, this number increments once for every packet that is dropped by the ASIC's RED mechanism. 
  NOTE: Due to accounting space limitations on certain Type 3 FPCs (which are supported in M320 and T640 routers), the Drops field does not always use the correct value for queue 6 or queue 7 for interfaces on 10-port 1-Gigabit Ethernet PICs. 
• Collisions—Number of Ethernet collisions. The Gigabit Ethernet PIC supports only full-duplex operation, so for Gigabit Ethernet PICs, this number must always be 0. If it is nonzero, there is a software bug. 
• Aged packets—Number of packets that remained in shared packet SDRAM so long that the system automatically purged them. The value in this field must never increment. If it does, it is most likely a software bug or possibly malfunctioning hardware. 
• FIFO errors—Number of FIFO errors in the send direction as reported by the ASIC on the PIC. If this value is ever nonzero, the PIC is probably malfunctioning. 
• HS link CRC errors—Number of errors on the high-speed links between the ASICs responsible for handling the router interfaces. 
• MTU errors—Number of packets whose size exceeded the MTU of the interface. 
• Resource errors—Sum of transmit drops. 
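
The Input errors and Output errors descriptions above say which counters should stay at zero and how fast Carrier transitions may grow; the following Python code is an added example, not part of the Juniper documentation, that applies those statements to captured command output. The sample text is constructed, the line layout it assumes for the two error blocks is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample: two error blocks laid out the way the Input errors and
# Output errors counters are assumed to print; all values are invented.
SAMPLE = """\
Physical interface: ge-0/0/1, Enabled, Physical link is Up
  Input errors:
    Errors: 0, Drops: 12, Framing errors: 0, Runts: 0, Policed discards: 40,
    L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
    FIFO errors: 3, Resource errors: 0
  Output errors:
    Carrier transitions: 7, Errors: 0, Drops: 0, Collisions: 2, Aged packets: 0,
    FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
  Egress queues: 8 supported, 4 in use
"""

SECTION_RE = re.compile(r"^\s*(Input|Output) errors:\s*$")
COUNTER_RE = re.compile(r"([A-Za-z][A-Za-z0-9 ]*?):\s*(\d+)")

# (direction, counter) -> what the field description says a nonzero value means.
NONZERO_RULES = {
    ("input", "FIFO errors"): "PIC is probably malfunctioning",
    ("output", "FIFO errors"): "PIC is probably malfunctioning",
    ("output", "Collisions"): "software bug (Gigabit Ethernet PICs are full-duplex only)",
    ("output", "Aged packets"): "software bug or possibly malfunctioning hardware",
}


def parse_error_counters(text):
    """Return {'input': {...}, 'output': {...}} from the two error blocks."""
    counters = {"input": {}, "output": {}}
    section, header_indent = None, 0
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        header = SECTION_RE.match(line)
        if header:
            section, header_indent = header.group(1).lower(), indent
            continue
        # Counter lines are indented deeper than their block header; any line
        # at the header's level or shallower ends the block.
        if section and indent > header_indent:
            for name, value in COUNTER_RE.findall(line):
                counters[section][name.strip()] = int(value)
        else:
            section = None
    return counters


def snapshot_findings(counters):
    """Flag counters that the field descriptions say must stay at zero."""
    findings = []
    for (direction, name), meaning in NONZERO_RULES.items():
        value = counters[direction].get(name, 0)
        if value:
            findings.append((direction, name, value, meaning))
    return findings


def carrier_transitions_flapping(previous, current, interval_seconds, per_seconds=10):
    """Compare two snapshots taken interval_seconds apart.

    True when Carrier transitions grew by at least one per per_seconds, the
    "perhaps once every 10 seconds" rate the description calls a malfunction.
    A negative delta (statistics cleared in between) is not flagged.
    """
    delta = (current["output"].get("Carrier transitions", 0)
             - previous["output"].get("Carrier transitions", 0))
    return delta > 0 and interval_seconds / delta <= per_seconds


if __name__ == "__main__":
    parsed = parse_error_counters(SAMPLE)
    for direction, name, value, meaning in snapshot_findings(parsed):
        print(f"{direction} {name} = {value}: {meaning}")
```

Policed discards and Drops are parsed but not flagged, because the descriptions treat them as normal under unsupported protocols or saturation rather than as a fault indicator.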

Field Name: Egress queues 
Level of Output: detail extensive 
Field Description: Total number of egress queues supported on the specified interface. 

NOTE: In DPCs that are not of the enhanced type, such as DPC 40x 1GE R, DPCE 20x 1GE + 2x 10GE R, or DPCE 40x 1GE R, you might notice a discrepancy in the output of the show interfaces command because incoming packets might be counted in the Egress queues section of the output. This problem occurs on non-enhanced DPCs because the egress queue statistics are polled from IMQ (Inbound Message Queuing) block of the I-chip. The IMQ block does not differentiate between ingress and egress WAN traffic; as a result, the combined statistics are displayed in the egress queue counters on the Routing Engine. In a simple VPLS scenario, if there is no MAC entry in DMAC table (by sending unidirectional traffic), traffic is flooded and the input traffic is accounted in IMQ. For bidirectional traffic (MAC entry in DMAC table), if the outgoing interface is on the same I-chip then both ingress and egress statistics are counted in a combined way. If the outgoing interface is on a different I-chip or FPC, then only egress statistics are accounted in IMQ. This behavior is expected with non-enhanced DPCs. 

Field Name: Queue counters (Egress) 
Level of Output: detail extensive 
Field Description: CoS queue number and its associated user-configured forwarding class name. 
• Queued packets—Number of queued packets. 
• Transmitted packets—Number of transmitted packets. 
• Dropped packets—Number of packets dropped by the ASIC's RED mechanism. 

NOTE: Due to accounting space limitations on certain Type 3 FPCs (which are supported in M320 and T640 routers), the Dropped packets field does not always display the correct value for queue 6 or queue 7 for interfaces on 10-port 1-Gigabit Ethernet PICs. 

Field Name: Ingress queues 
Level of Output: extensive 
Field Description: Total number of ingress queues supported on the specified interface. Displayed on IQ2 interfaces. 

Field Name: Queue counters (Ingress) 
Level of Output: extensive 
Field Description: CoS queue number and its associated user-configured forwarding class name. Displayed on IQ2 interfaces. 
• Queued packets—Number of queued packets. 
• Transmitted packets—Number of transmitted packets. 
• Dropped packets—Number of packets dropped by the ASIC's RED mechanism. 

Field Name: Active alarms and Active defects 
Level of Output: detail extensive none 
Field Description: Ethernet-specific defects that can prevent the interface from passing packets. When a defect persists for a certain amount of time, it is promoted to an alarm. Based on the router configuration, an alarm can ring the red or yellow alarm bell on the router, or turn on the red or yellow alarm LED on the craft interface. These fields can contain the value None or Link. 
• None—There are no active defects or alarms. 
• Link—Interface has lost its link state, which usually means that the cable is unplugged, the far-end system has been turned off, or the PIC is malfunctioning. 

Field Name: Interface transmit statistics 
Level of Output: detail extensive 
Field Description: (On MX Series devices) Status of the interface-transmit-statistics configuration: Enabled or Disabled. 
• Enabled—When the interface-transmit-statistics statement is included in the configuration. If this is configured, the interface statistics show the actual transmitted load on the interface. 
• Disabled—When the interface-transmit-statistics statement is not included in the configuration. If this is not configured, the interface statistics show the offered load on the interface. 

Field Name: OTN FEC statistics 
Level of Output: detail extensive 
Field Description: The forward error correction (FEC) counters provide the following statistics: 
• Corrected Errors—Count of corrected errors in the last second. 
• Corrected Error Ratio—Corrected error ratio in the last 25 seconds. For example, 1e-7 is 1 error per 10 million bits. 

Field Name: PCS statistics 
Level of Output: detail extensive 
Field Description: (10-Gigabit Ethernet interfaces) Displays Physical Coding Sublayer (PCS) fault conditions from the WAN PHY or the LAN PHY device. 
• Bit errors—Number of seconds during which at least one bit error rate (BER) occurred while the PCS receiver is operating in normal mode. 
• Errored blocks—Number of seconds when at least one errored block occurred while the PCS receiver is operating in normal mode. 


Field Name: Link Degrade 
Level of Output: detail extensive 
Field Description: Shows the link degrade status of the physical link and the estimated bit error rates (BERs). This field is available only for the PICs supporting the physical link monitoring feature. 
• Link Monitoring—Indicates if physical link degrade monitoring is enabled on the interface. 
  • Enable—Indicates that link degrade monitoring has been enabled (using the link-degrade-monitor statement) on the interface. 
  • Disable—Indicates that link degrade monitoring has not been enabled on the interface. If link degrade monitoring has not been enabled, the output does not show any related information, such as BER values and thresholds. 
• Link Degrade Set Threshold—The BER threshold value at which the link is considered degraded and a corrective action is triggered. 
• Link Degrade Clear Threshold—The BER threshold value at which the degraded link is considered recovered and the corrective action applied to the interface is reverted. 
• Estimated BER—The estimated bit error rate. 
• Link-degrade event—Shows link degrade event information. 
  • Seconds—Time (in seconds) elapsed after a link degrade event occurred. 
  • Count—The number of link degrade events recorded. 
  • State—Shows the link degrade status (example: Defect Active). 

Field Name: MAC statistics 
Level of Output: extensive 
Field Description: Receive and Transmit statistics reported by the PIC's MAC subsystem, including the following: 
• Total octets and total packets—Total number of octets and packets. For Gigabit Ethernet IQ PICs, the received octets count varies by interface type. For more information, see Table 31 under the show interfaces Command. 
• Unicast packets, Broadcast packets, and Multicast packets—Number of unicast, broadcast, and multicast packets. 
• CRC/Align errors—Total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, and had either a bad FCS with an integral number of octets (FCS Error) or a bad FCS with a nonintegral number of octets (Alignment Error). 
• FIFO error—Number of FIFO errors that are reported by the ASIC on the PIC. If this value is ever nonzero, the PIC or a cable is probably malfunctioning. 
• MAC control frames—Number of MAC control frames. 
• MAC pause frames—Number of MAC control frames with pause operational code. 
• Oversized frames—There are two possible conditions regarding the number of oversized frames: 
  • Packet length exceeds interface MTU, or 
  • Packet length exceeds MRU 
• Jabber frames—Number of frames that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS error or an alignment error. This definition of jabber is different from the definition in IEEE-802.3 section 8.2.1.5 (10BASE5) and section 10.3.1.4 (10BASE2). These documents define jabber as the condition in which any packet exceeds 20 ms. The allowed range to detect jabber is from 20 ms to 150 ms. 
• Fragment frames—Total number of packets that were less than 64 octets in length (excluding framing bits, but including FCS octets) and had either an FCS error or an alignment error. Fragment frames normally increment because both runts (which are normal occurrences caused by collisions) and noise hits are counted. 
• VLAN tagged frames—Number of frames that are VLAN tagged. The system uses the TPID of 0x8100 in the frame to determine whether a frame is tagged or not. 
  NOTE: The 20-port Gigabit Ethernet MIC (MIC-3D-20GE-SFP) does not have hardware counters for VLAN frames. Therefore, the VLAN tagged frames field displays 0 when the show interfaces command is executed on a 20-port Gigabit Ethernet MIC. In other words, the number of VLAN tagged frames cannot be determined for the 20-port Gigabit Ethernet MIC. 
• Code violations—Number of times an event caused the PHY to indicate “Data reception error” or “invalid data symbol error.” 

Field Name: OTN Received Overhead Bytes 
Level of Output: extensive 
Field Description: APS/PCC0: 0x02, APS/PCC1: 0x11, APS/PCC2: 0x47, APS/PCC3: 0x58 Payload Type: 0x08 

Field Name: OTN Transmitted Overhead Bytes 
Level of Output: extensive 
Field Description: APS/PCC0: 0x00, APS/PCC1: 0x00, APS/PCC2: 0x00, APS/PCC3: 0x00 Payload Type: 0x08 

Field Name: Filter statistics 
Level of Output: extensive 
Field Description: Receive and Transmit statistics reported by the PIC's MAC address filter subsystem. The filtering is done by the content-addressable memory (CAM) on the PIC. The filter examines a packet's source and destination MAC addresses to determine whether the packet may enter the system or be rejected. 
• Input packet count—Number of packets received from the MAC hardware that the filter processed. 
• Input packet rejects—Number of packets that the filter rejected because of either the source MAC address or the destination MAC address. 
• Input DA rejects—Number of packets that the filter rejected because the destination MAC address of the packet is not on the accept list. It is normal for this value to increment. When it increments very quickly and no traffic is entering the router from the far-end system, either there is a bad ARP entry on the far-end system, or multicast routing is not on and the far-end system is sending many multicast packets to the local router (which the router is rejecting). 
• Input SA rejects—Number of packets that the filter rejected because the source MAC address of the packet is not on the accept list. The value in this field must increment only if source MAC address filtering has been enabled. If filtering is enabled, if the value increments quickly, and if the system is not receiving traffic that it should from the far-end system, it means that the user-configured source MAC addresses for this interface are incorrect. 
• Output packet count—Number of packets that the filter has given to the MAC hardware. 
• Output packet pad count—Number of packets the filter padded to the minimum Ethernet size (60 bytes) before giving the packet to the MAC hardware. Usually, padding is done only on small ARP packets, but some very small IP packets can also require padding. If this value increments rapidly, either the system is trying to find an ARP entry for a far-end system that does not exist or it is misconfigured. 
• Output packet error count—Number of packets with an indicated error that the filter was given to transmit. These packets are usually aged packets or are the result of a bandwidth problem on the FPC hardware. On a normal system, the value of this field must not increment. 
• CAM destination filters, CAM source filters—Number of entries in the CAM dedicated to destination and source MAC address filters. There can only be up to 64 source entries. If source filtering is disabled, which is the default, the values for these fields must be 0. 

Field Name: PMA PHY 
Level of Output: extensive 
Field Description: (10-Gigabit Ethernet interfaces, WAN PHY mode) SONET error information: 
• Seconds—Number of seconds the defect has been active. 
• Count—Number of times that the defect has gone from inactive to active. 
• State—State of the error. Any state other than OK indicates a problem. 
Subfields are: 
• PHY Lock—Phase-locked loop 
• PHY Light—Loss of optical signal 

Field Name: WIS section 
Level of Output: extensive 
Field Description: (10-Gigabit Ethernet interfaces, WAN PHY mode) SONET error information: 
• Seconds—Number of seconds the defect has been active. 
• Count—Number of times that the defect has gone from inactive to active. 
• State—State of the error. Any state other than OK indicates a problem. 
Subfields are: 
• BIP-B1—Bit interleaved parity for SONET section overhead 
• SEF—Severely errored framing 
• LOL—Loss of light 
• LOF—Loss of frame 
• ES-S—Errored seconds (section) 
• SES-S—Severely errored seconds (section) 
• SEFS-S—Severely errored framing seconds (section) 

Field Name: WIS line 
Level of Output: extensive 
Field Description: (10-Gigabit Ethernet interfaces, WAN PHY mode) Active alarms and defects, plus counts of specific SONET errors with detailed information: 
• Seconds—Number of seconds the defect has been active. 
• Count—Number of times that the defect has gone from inactive to active. 
• State—State of the error. Any state other than OK indicates a problem. 
Subfields are: 
• BIP-B2—Bit interleaved parity for SONET line overhead 
• REI-L—Remote error indication (near-end line) 
• RDI-L—Remote defect indication (near-end line) 
• AIS-L—Alarm indication signal (near-end line) 
• BERR-SF—Bit error rate fault (signal failure) 
• BERR-SD—Bit error rate defect (signal degradation) 
• ES-L—Errored seconds (near-end line) 
• SES-L—Severely errored seconds (near-end line) 
• UAS-L—Unavailable seconds (near-end line) 
• ES-LFE—Errored seconds (far-end line) 
• SES-LFE—Severely errored seconds (far-end line) 
• UAS-LFE—Unavailable seconds (far-end line) 

Field Name: WIS path 
Level of Output: extensive 
Field Description: (10-Gigabit Ethernet interfaces, WAN PHY mode) Active alarms and defects, plus counts of specific SONET errors with detailed information: 
• Seconds—Number of seconds the defect has been active. 
• Count—Number of times that the defect has gone from inactive to active. 
• State—State of the error. Any state other than OK indicates a problem. 
Subfields are: 
• BIP-B3—Bit interleaved parity for SONET section overhead 
• REI-P—Remote error indication 
• LOP-P—Loss of pointer (path) 
• AIS-P—Path alarm indication signal 
• RDI-P—Path remote defect indication 
• UNEQ-P—Path unequipped 
• PLM-P—Path payload (signal) label mismatch 
• ES-P—Errored seconds (near-end STS path) 
• SES-P—Severely errored seconds (near-end STS path) 
• UAS-P—Unavailable seconds (near-end STS path) 
• SES-PFE—Severely errored seconds (far-end STS path) 
• UAS-PFE—Unavailable seconds (far-end STS path) 

Field Name: Autonegotiation information
Level of Output: extensive
Field Description: Information about link autonegotiation.
• Negotiation status:
  • Incomplete—Ethernet interface has the speed or link mode configured.
  • No autonegotiation—Remote Ethernet interface has the speed or link mode configured, or does not perform autonegotiation.
  • Complete—Ethernet interface is connected to a device that performs autonegotiation and the autonegotiation process is successful.
• Link partner status—OK when Ethernet interface is connected to a device that performs autonegotiation and the autonegotiation process is successful.
• Link partner—Information from the remote Ethernet device:
  • Link mode—Depending on the capability of the link partner, either Full-duplex or Half-duplex.
  • Flow control—Types of flow control supported by the link partner. For Gigabit Ethernet interfaces, types are Symmetric (link partner supports PAUSE on receive and transmit), Asymmetric (link partner supports PAUSE on transmit), Symmetric/Asymmetric (link partner supports PAUSE on receive and transmit or only PAUSE on transmit), and None (link partner does not support flow control).
  • Remote fault—Remote fault information from the link partner—Failure indicates a receive link error. OK indicates that the link partner is receiving. Negotiation error indicates a negotiation error. Offline indicates that the link partner is going offline.
• Local resolution—Information from the local Ethernet device:
  • Flow control—Types of flow control supported by the local device. For Gigabit Ethernet interfaces, advertised capabilities are Symmetric/Asymmetric (local device supports PAUSE on receive and transmit or only PAUSE on receive) and None (local device does not support flow control). Depending on the result of the negotiation with the link partner, local resolution flow control type will display Symmetric (local device supports PAUSE on receive and transmit), Asymmetric (local device supports PAUSE on receive), and None (local device does not support flow control).
  • Remote fault—Remote fault information. Link OK (no error detected on receive), Offline (local interface is offline), and Link Failure (link error detected on receive).

Field Name: Received path trace, Transmitted path trace
Level of Output: extensive
Field Description: (10-Gigabit Ethernet interfaces, WAN PHY mode) SONET/SDH interfaces allow path trace bytes to be sent inband across the SONET/SDH link. Juniper Networks and other router manufacturers use these bytes to help diagnose misconfigurations and network errors by setting the transmitted path trace message so that it contains the system hostname and name of the physical interface. The received path trace value is the message received from the router at the other end of the fiber. The transmitted path trace value is the message that this router transmits.

Field Name: Packet Forwarding Engine configuration
Level of Output: extensive
Field Description: Information about the configuration of the Packet Forwarding Engine:
• Destination slot—FPC slot number.

Field Name: CoS information
Level of Output: extensive
Field Description: Information about the CoS queue for the physical interface.
• CoS transmit queue—Queue number and its associated user-configured forwarding class name.
• Bandwidth %—Percentage of bandwidth allocated to the queue.
• Bandwidth bps—Bandwidth allocated to the queue (in bps).
• Buffer %—Percentage of buffer space allocated to the queue.
• Buffer usec—Amount of buffer space allocated to the queue, in microseconds. This value is nonzero only if the buffer size is configured in terms of time.
• Priority—Queue priority: low or high.
• Limit—Displayed if rate limiting is configured for the queue. Possible values are none and exact. If exact is configured, the queue transmits only up to the configured bandwidth, even if excess bandwidth is available. If none is configured, the queue transmits beyond the configured bandwidth if bandwidth is available.

Logical Interface

Field Name: Logical interface
Level of Output: All levels
Field Description: Name of the logical interface.

Field Name: Index
Level of Output: detail extensive none
Field Description: Index number of the logical interface, which reflects its initialization sequence.

Field Name: SNMP ifIndex
Level of Output: detail extensive none
Field Description: SNMP interface index number for the logical interface.

Field Name: Generation
Level of Output: detail extensive
Field Description: Unique number for use by Juniper Networks technical support only.


Field Name: Flags
Level of Output: All levels
Field Description: Information about the logical interface. Possible values are described in the “Logical Interface Flags” section under Common Output Fields Description.

Field Name: VLAN-Tag
Level of Output: brief detail extensive none
Field Description: Rewrite profile applied to incoming or outgoing frames on the outer (Out) VLAN tag or for both the outer and inner (In) VLAN tags.
• push—An outer VLAN tag is pushed in front of the existing VLAN tag.
• pop—The outer VLAN tag of the incoming frame is removed.
• swap—The outer VLAN tag of the incoming frame is overwritten with the user-specified VLAN tag information.
• push-push—Two VLAN tags are pushed in from the incoming frame.
• swap-push—The outer VLAN tag of the incoming frame is replaced by a user-specified VLAN tag value. A user-specified outer VLAN tag is pushed in front. The outer tag becomes an inner tag in the final frame.
• swap-swap—Both the inner and the outer VLAN tags of the incoming frame are replaced by the user-specified VLAN tag value.
• pop-swap—The outer VLAN tag of the incoming frame is removed, and the inner VLAN tag of the incoming frame is replaced by the user-specified VLAN tag value. The inner tag becomes the outer tag in the final frame.
• pop-pop—Both the outer and inner VLAN tags of the incoming frame are removed.

Field Name: Demux
Level of Output: detail extensive none
Field Description: IP demultiplexing (demux) value that appears if this interface is used as the demux underlying interface. The output is one of the following:
• Source Family Inet
• Destination Family Inet

Field Name: Encapsulation
Level of Output: All levels
Field Description: Encapsulation on the logical interface.


Field Name: ACI VLAN
Level of Output: brief detail extensive none
Field Description: Information displayed for agent circuit identifier (ACI) interface set configured with the agent-circuit-id autoconfiguration stanza.
• Dynamic Profile—Name of the dynamic profile that defines the ACI interface set.
If configured, the ACI interface set enables the underlying Ethernet interface to create dynamic VLAN subscriber interfaces based on ACI information.
NOTE: The ACI VLAN field is replaced with the Line Identity field when an ALI interface set is configured with the line-identity autoconfiguration stanza.

Field Name: Line Identity
Level of Output: detail
Field Description: Information displayed for access-line-identifier (ALI) interface sets configured with the line-identity autoconfiguration stanza.
• Dynamic Profile—Name of the dynamic profile that defines the ALI interface set.
• Trusted option used to create the ALI interface set: Circuit-id, Remote-id, or Accept-no-ids. More than one option can be configured.
If configured, the ALI interface set enables the underlying Ethernet interface to create dynamic VLAN subscriber interfaces based on ALI information.
NOTE: The Line Identity field is replaced with the ACI VLAN field when an ACI interface set is configured with the agent-circuit-id autoconfiguration stanza.

Field Name: Protocol
Level of Output: detail extensive none
Field Description: Protocol family. Possible values are described in the “Protocol Field” section under Common Output Fields Description.

Field Name: MTU
Level of Output: detail extensive none
Field Description: Maximum transmission unit size on the logical interface.

Field Name: Neighbor Discovery Protocol (NDP) Queue Statistics
Level of Output: All levels
Field Description: NDP statistics for protocol inet6 under logical interface statistics.
• Max nh cache—Maximum interface neighbor discovery nexthop cache
• New hold nh limit—Maximum number of new unresolved nexthops.
• Curr nh cnt—Current number of resolved nexthops in the NDP queue.
• Curr new hold cnt—Current number of unresolved nexthops in the NDP queue.
• NH drop cnt—Number of NDP requests not serviced.


Field Name: Dynamic Profile
Level of Output: detail extensive none
Field Description: Name of the dynamic profile that was used to create this interface configured with a Point-to-Point Protocol over Ethernet (PPPoE) family.

Field Name: Service Name Table
Level of Output: detail extensive none
Field Description: Name of the service name table for the interface configured with a PPPoE family.

Field Name: Max Sessions
Level of Output: detail extensive none
Field Description: Maximum number of PPPoE logical interfaces that can be activated on the underlying interface.

Field Name: Duplicate Protection
Level of Output: detail extensive none
Field Description: State of PPPoE duplicate protection: On or Off. When duplicate protection is configured for the underlying interface, a dynamic PPPoE logical interface cannot be activated when an existing active logical interface is present for the same PPPoE client.

Field Name: Direct Connect
Level of Output: detail extensive none
Field Description: State of the configuration to ignore DSL Forum VSAs: On or Off. When configured, the router ignores any of these VSAs received from a directly connected CPE device on the interface.

Field Name: AC Name
Level of Output: detail extensive none
Field Description: Name of the access concentrator.

Field Name: Maximum labels
Level of Output: detail extensive none
Field Description: Maximum number of MPLS labels configured for the MPLS protocol family on the logical interface.

Field Name: Traffic statistics
Level of Output: detail extensive
Field Description: Number and rate of bytes and packets received and transmitted on the specified interface set.
• Input bytes, Output bytes—Number of bytes received and transmitted on the interface set. The value in this field also includes the Layer 2 overhead bytes for ingress or egress traffic on Ethernet interfaces if you enable accounting of Layer 2 overhead at the PIC level or the logical interface level.
• Input packets, Output packets—Number of packets received and transmitted on the interface set.

Field Name: IPv6 transit statistics
Level of Output: extensive
Field Description: Number of IPv6 transit bytes and packets received and transmitted on the logical interface if IPv6 statistics tracking is enabled.

Field Name: Local statistics
Level of Output: extensive
Field Description: Number and rate of bytes and packets destined to the router.

Field Name: Transit statistics
Level of Output: extensive
Field Description: Number and rate of bytes and packets transiting the switch.
NOTE: For Gigabit Ethernet intelligent queuing 2 (IQ2) interfaces, the logical interface egress statistics might not accurately reflect the traffic on the wire when output shaping is applied. Traffic management output shaping might drop packets after they are tallied by the Output bytes and Output packets interface counters. However, correct values display for both of these egress statistics when per-unit scheduling is enabled for the Gigabit Ethernet IQ2 physical interface, or when a single logical interface is actively using a shared scheduler.

Field Name: Generation
Level of Output: detail extensive
Field Description: Unique number for use by Juniper Networks technical support only.

Field Name: Route Table
Level of Output: detail extensive none
Field Description: Route table in which the logical interface address is located. For example, 0 refers to the routing table inet.0.

Field Name: Flags
Level of Output: detail extensive
Field Description: Information about protocol family flags. Possible values are described in the “Family Flags” section under Common Output Fields Description.

Field Name: Donor interface
Level of Output: detail extensive none
Field Description: (Unnumbered Ethernet) Interface from which an unnumbered Ethernet interface borrows an IPv4 address.

Field Name: Preferred source address
Level of Output: detail extensive none
Field Description: (Unnumbered Ethernet) Secondary IPv4 address of the donor loopback interface that acts as the preferred source address for the unnumbered Ethernet interface.

Field Name: Input Filters
Level of Output: detail extensive
Field Description: Names of any input filters applied to this interface. If you specify a precedence value for any filter in a dynamic profile, filter precedence values appear in parentheses next to all interfaces.

Field Name: Output Filters
Level of Output: detail extensive
Field Description: Names of any output filters applied to this interface. If you specify a precedence value for any filter in a dynamic profile, filter precedence values appear in parentheses next to all interfaces.

Field Name: Mac-Validate Failures
Level of Output: detail extensive none
Field Description: Number of MAC address validation failures for packets and bytes. This field is displayed when MAC address validation is enabled for the logical interface.

Field Name: Addresses, Flags
Level of Output: detail extensive none
Field Description: Information about the address flags. Possible values are described in the “Addresses Flags” section under Common Output Fields Description.


Field Name: protocol-family
Level of Output: brief
Field Description: Protocol family configured on the logical interface. If the protocol is inet, the IP address of the interface is also displayed.

Field Name: Flags
Level of Output: detail extensive none
Field Description: Information about the address flag. Possible values are described in the “Addresses Flags” section under Common Output Fields Description.

Field Name: Destination
Level of Output: detail extensive none
Field Description: IP address of the remote side of the connection.

Field Name: Local
Level of Output: detail extensive none
Field Description: IP address of the logical interface.

Field Name: Broadcast
Level of Output: detail extensive none
Field Description: Broadcast address of the logical interface.

Field Name: Generation
Level of Output: detail extensive
Field Description: Unique number for use by Juniper Networks technical support only.


The following table describes the output fields for the show interfaces (10-Gigabit Ethernet) command. 


Field Name: Physical interface
Level of Output: All levels
Field Description: Name of the physical interface.

Field Name: Enabled
Level of Output: All levels
Field Description: State of the interface. Possible values are described in the “Enabled Field” section under Common Output Fields Description.

Field Name: Interface index
Level of Output: detail extensive none
Field Description: Index number of the physical interface, which reflects its initialization sequence.

Field Name: SNMP ifIndex
Level of Output: detail extensive none
Field Description: SNMP index number for the physical interface.

Field Name: Generation
Level of Output: detail extensive
Field Description: Unique number for use by Juniper Networks technical support only.

Field Name: Link-level type
Level of Output: All levels
Field Description: Encapsulation being used on the physical interface.

Field Name: MTU
Level of Output: All levels
Field Description: Maximum transmission unit size on the physical interface.

Field Name: Speed
Level of Output: All levels
Field Description: Speed at which the interface is running.

Field Name: Loopback
Level of Output: All levels
Field Description: Loopback status: Enabled or Disabled. If loopback is enabled, type of loopback: Local or Remote.


Field Name: Source filtering
Level of Output: All levels
Field Description: Source filtering status: Enabled or Disabled.

Field Name: LAN-PHY mode
Level of Output: All levels
Field Description: 10-Gigabit Ethernet interface operating in Local Area Network Physical Layer Device (LAN PHY) mode. LAN PHY allows 10-Gigabit Ethernet wide area links to use existing Ethernet applications.

Field Name: WAN-PHY mode
Level of Output: All levels
Field Description: 10-Gigabit Ethernet interface operating in Wide Area Network Physical Layer Device (WAN PHY) mode. WAN PHY allows 10-Gigabit Ethernet wide area links to use fiber-optic cables and other devices intended for SONET/SDH.

Field Name: Unidirectional
Level of Output: All levels
Field Description: Unidirectional link mode status for 10-Gigabit Ethernet interface: Enabled or Disabled for parent interface; Rx-only or Tx-only for child interfaces.

Field Name: Flow control
Level of Output: All levels
Field Description: Flow control status: Enabled or Disabled.

Field Name: Auto-negotiation
Level of Output: All levels
Field Description: (Gigabit Ethernet interfaces) Autonegotiation status: Enabled or Disabled.

Field Name: Remote-fault
Level of Output: All levels
Field Description: (Gigabit Ethernet interfaces) Remote fault status:
• Online—Autonegotiation is manually configured as online.
• Offline—Autonegotiation is manually configured as offline.

Field Name: Device flags
Level of Output: All levels
Field Description: Information about the physical device. Possible values are described in the “Device Flags” section under Common Output Fields Description.

Field Name: Interface flags
Level of Output: All levels
Field Description: Information about the interface. Possible values are described in the “Interface Flags” section under Common Output Fields Description.

Field Name: Link flags
Level of Output: All levels
Field Description: Information about the link. Possible values are described in the “Links Flags” section under Common Output Fields Description.

Field Name: Wavelength
Level of Output: All levels
Field Description: (10-Gigabit Ethernet dense wavelength-division multiplexing [DWDM] interfaces) Displays the configured wavelength, in nanometers (nm).

Field Name: Frequency
Level of Output: All levels
Field Description: (10-Gigabit Ethernet DWDM interfaces only) Displays the frequency associated with the configured wavelength, in terahertz (THz).

Field Name: CoS queues
Level of Output: detail extensive none
Field Description: Number of CoS queues configured.

Field Name: Schedulers
Level of Output: extensive
Field Description: (Gigabit Ethernet intelligent queuing 2 (IQ2) interfaces only) Number of CoS schedulers configured.

Field Name: Hold-times
Level of Output: detail extensive
Field Description: Current interface hold-time up and hold-time down, in milliseconds.


Field Name: Current address
Level of Output: detail extensive none
Field Description: Configured MAC address.

Field Name: Hardware address
Level of Output: detail extensive none
Field Description: Hardware MAC address.

Field Name: Last flapped
Level of Output: detail extensive none
Field Description: Date, time, and how long ago the interface went from down to up. The format is Last flapped: year-month-day hour:minute:second:timezone (hour:minute:second ago). For example, Last flapped: 2002-04-26 10:52:40 PDT (04:33:20 ago).

Field Name: Input Rate
Level of Output: None specified
Field Description: Input rate in bits per second (bps) and packets per second (pps). The value in this field also includes the Layer 2 overhead bytes for ingress traffic on Ethernet interfaces if you enable accounting of Layer 2 overhead at the PIC level or the logical interface level.

Field Name: Output Rate
Level of Output: None specified
Field Description: Output rate in bps and pps. The value in this field also includes the Layer 2 overhead bytes for egress traffic on Ethernet interfaces if you enable accounting of Layer 2 overhead at the PIC level or the logical interface level.

Field Name: Statistics last cleared
Level of Output: detail extensive
Field Description: Time when the statistics for the interface were last set to zero.

Field Name: Egress account overhead
Level of Output: detail extensive
Field Description: Layer 2 overhead in bytes that is accounted in the interface statistics for egress traffic.

Field Name: Ingress account overhead
Level of Output: detail extensive
Field Description: Layer 2 overhead in bytes that is accounted in the interface statistics for ingress traffic.

Field Name: Traffic statistics
Level of Output: detail extensive
Field Description: Number and rate of bytes and packets received and transmitted on the physical interface.
• Input bytes—Number of bytes received on the interface. The value in this field also includes the Layer 2 overhead bytes for ingress traffic on Ethernet interfaces if you enable accounting of Layer 2 overhead at the PIC level or the logical interface level.
• Output bytes—Number of bytes transmitted on the interface. The value in this field also includes the Layer 2 overhead bytes for egress traffic on Ethernet interfaces if you enable accounting of Layer 2 overhead at the PIC level or the logical interface level.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.

Field Name: Input errors
Level of Output: extensive
Field Description: Input errors on the interface. The following paragraphs explain the counters whose meaning might not be obvious:
• Errors—Sum of the incoming frame aborts and FCS errors.
• Drops—Number of packets dropped by the input queue of the I/O Manager ASIC. If the interface is saturated, this number increments once for every packet that is dropped by the ASIC's RED mechanism.
• Framing errors—Number of packets received with an invalid frame checksum (FCS).
• Runts—Number of frames received that are smaller than the runt threshold.
• Policed discards—Number of frames that the incoming packet match code discarded because they were not recognized or not of interest. Usually, this field reports protocols that the Junos OS does not handle.
• L3 incompletes—Number of incoming packets discarded because they failed Layer 3 (usually IPv4) sanity checks of the header. For example, a frame with less than 20 bytes of available IP header is discarded. L3 incomplete errors can be ignored by configuring the ignore-l3-incompletes statement.
• L2 channel errors—Number of times the software did not find a valid logical interface for an incoming frame.
• L2 mismatch timeouts—Number of malformed or short packets that caused the incoming packet handler to discard the frame as unreadable.
• FIFO errors—Number of FIFO errors in the receive direction that are reported by the ASIC on the PIC. If this value is ever nonzero, the PIC is probably malfunctioning.
• Resource errors—Sum of transmit drops.


Field Name: Output errors
Level of Output: extensive
Field Description: Output errors on the interface. The following paragraphs explain the counters whose meaning might not be obvious:
• Carrier transitions—Number of times the interface has gone from down to up. This number does not normally increment quickly, increasing only when the cable is unplugged, the far-end system is powered down and then up, or another problem occurs. If the number of carrier transitions increments quickly (perhaps once every 10 seconds), the cable, the far-end system, or the PIC or PIM is malfunctioning.
• Errors—Sum of the outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/O Manager ASIC. If the interface is saturated, this number increments once for every packet that is dropped by the ASIC's RED mechanism.
• Collisions—Number of Ethernet collisions. The Gigabit Ethernet PIC supports only full-duplex operation, so for Gigabit Ethernet PICs, this number should always remain 0. If it is nonzero, there is a software bug.
• Aged packets—Number of packets that remained in shared packet SDRAM so long that the system automatically purged them. The value in this field should never increment. If it does, it is most likely a software bug or possibly malfunctioning hardware.
• FIFO errors—Number of FIFO errors in the send direction as reported by the ASIC on the PIC. If this value is ever nonzero, the PIC is probably malfunctioning.
• HS link CRC errors—Number of errors on the high-speed links between the ASICs responsible for handling the router interfaces.
• MTU errors—Number of packets whose size exceeded the MTU of the interface.
• Resource errors—Sum of transmit drops.
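
The Input errors and Output errors guidance above can be applied mechanically to two successive captures of the extensive output. The following Python sketch is an added example, not Juniper code: the sample text is constructed, its line layout and the interface name are assumptions, and the 10-second flap threshold is taken from the "perhaps once every 10 seconds" wording in the Carrier transitions description.

```python
import re

# Constructed samples modeled on the "Input errors" / "Output errors" blocks of
# `show interfaces extensive`; the exact line layout is an assumption.
SNAPSHOT_T0 = """\
Physical interface: xe-0/0/0, Enabled, Physical link is Up
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 12,
    L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
    FIFO errors: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 3, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
    FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
  Egress queues: 8 supported, 4 in use
"""
# Second constructed capture, taken 60 seconds after the first.
SNAPSHOT_T1 = SNAPSHOT_T0.replace("Policed discards: 12", "Policed discards: 40") \
    .replace("FIFO errors: 0, Resource errors: 0\n  Output",
             "FIFO errors: 4, Resource errors: 0\n  Output") \
    .replace("Carrier transitions: 3", "Carrier transitions: 9") \
    .replace("Aged packets: 0", "Aged packets: 2")

HEADER = re.compile(r"^(\s*)(Input|Output) errors:\s*$")
PAIR = re.compile(r"([A-Za-z][A-Za-z0-9 ]*):\s*(\d+)")
FLAP_PERIOD_S = 10  # threshold assumed from "perhaps once every 10 seconds"


def parse_error_counters(text):
    """Return {'input': {...}, 'output': {...}} from the two error blocks."""
    counters = {"input": {}, "output": {}}
    section, base_indent = None, 0
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            section = header.group(2).lower()
            base_indent = len(header.group(1))
            continue
        indent = len(line) - len(line.lstrip())
        # Counter lines are indented deeper than their block header; anything
        # at the header's level (for example "Egress queues") ends the block.
        if section and line.strip() and indent > base_indent:
            for name, value in PAIR.findall(line):
                counters[section][name.strip()] = int(value)
        else:
            section = None
    return counters


def triage(t0, t1, interval_s):
    """Apply the documented counter guidance to two parsed snapshots."""
    findings = []
    for direction in ("input", "output"):
        if t1[direction].get("FIFO errors", 0) > 0:
            findings.append((direction, "FIFO errors",
                             "nonzero: PIC is probably malfunctioning"))
    before, after = t0["output"], t1["output"]
    if after.get("Collisions", 0) > 0:
        findings.append(("output", "Collisions",
                         "nonzero on a full-duplex Gigabit Ethernet PIC: software bug"))
    if after.get("Aged packets", 0) > before.get("Aged packets", 0):
        findings.append(("output", "Aged packets",
                         "incremented: software bug or possibly malfunctioning hardware"))
    flaps = after.get("Carrier transitions", 0) - before.get("Carrier transitions", 0)
    if flaps < 0:
        # A counter that goes backwards means statistics were cleared in between.
        findings.append(("output", "Carrier transitions",
                         "statistics cleared between snapshots; re-baseline"))
    elif flaps > 0 and interval_s / flaps <= FLAP_PERIOD_S:
        findings.append(("output", "Carrier transitions",
                         "incrementing quickly: check cable, far-end system, PIC or PIM"))
    return findings


if __name__ == "__main__":
    t0 = parse_error_counters(SNAPSHOT_T0)
    t1 = parse_error_counters(SNAPSHOT_T1)
    for direction, counter, note in triage(t0, t1, interval_s=60):
        print(f"{direction:6} {counter:20} {note}")
```

Policed discards rise between the two captures without producing a finding, because the description above treats that counter as a report of unhandled protocols rather than a fault.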


Field Name: Egress queues
Level of Output: detail extensive
Field Description: Total number of egress queues supported on the specified interface.
NOTE: In DPCs that are not of the enhanced type, such as DPC 40x 1GE R, DPCE 20x 1GE + 2x 10GE R, or DPCE 40x 1GE R, you might notice a discrepancy in the output of the show interfaces command because incoming packets might be counted in the Egress queues section of the output. This problem occurs on non-enhanced DPCs because the egress queue statistics are polled from IMQ (Inbound Message Queuing) block of the I-chip. The IMQ block does not differentiate between ingress and egress WAN traffic; as a result, the combined statistics are displayed in the egress queue counters on the Routing Engine. In a simple VPLS scenario, if there is no MAC entry in DMAC table (by sending unidirectional traffic), traffic is flooded and the input traffic is accounted in IMQ. For bidirectional traffic (MAC entry in DMAC table), if the outgoing interface is on the same I-chip then both ingress and egress statistics are counted in a combined way. If the outgoing interface is on a different I-chip or FPC, then only egress statistics are accounted in IMQ. This behavior is expected with non-enhanced DPCs.

Field Name: Queue counters (Egress)
Level of Output: detail extensive
Field Description: CoS queue number and its associated user-configured forwarding class name.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Dropped packets—Number of packets dropped by the ASIC's RED mechanism.

Field Name: Ingress queues
Level of Output: extensive
Field Description: Total number of ingress queues supported on the specified interface. Displayed on IQ2 interfaces.

Field Name: Queue counters (Ingress)
Level of Output: extensive
Field Description: CoS queue number and its associated user-configured forwarding class name. Displayed on IQ2 interfaces.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Dropped packets—Number of packets dropped by the ASIC's RED mechanism.

Field Name: Active alarms and Active defects
Level of Output: detail extensive none
Field Description: Ethernet-specific defects that can prevent the interface from passing packets. When a defect persists for a certain amount of time, it is promoted to an alarm. Based on the routing device configuration, an alarm can ring the red or yellow alarm bell on the routing device, or turn on the red or yellow alarm LED on the craft interface. These fields can contain the value None or Link.
• None—There are no active defects or alarms.
• Link—Interface has lost its link state, which usually means that the cable is unplugged, the far-end system has been turned off, or the PIC is malfunctioning.

Field Name: OTN alarms
Level of Output: detail extensive
Field Description: Active OTN alarms identified on the interface.


Field Name: OTN defects
Level of Output: detail extensive
Field Description: OTN defects received on the interface.

Field Name: OTN FEC Mode
Level of Output: detail extensive
Field Description: The FEC mode configured on the interface.
• efec—Enhanced forward error correction (EFEC) is configured to detect and correct bit errors.
• gfec—G.709 Forward error correction (GFEC) mode is configured to detect and correct bit errors.
• none—FEC mode is not configured.

Field Name: OTN Rate
Level of Output: detail extensive
Field Description: OTN mode.
• fixed-stuff-bytes—Fixed stuff bytes 11.0957 Gbps.
• no-fixed-stuff-bytes—No fixed stuff bytes 11.0491 Gbps.
• pass-through—Enable OTN passthrough mode.
• no-pass-through—Do not enable OTN passthrough mode.

Field Name: OTN Line Loopback
Level of Output: detail extensive
Field Description: Status of the line loopback, if configured for the DWDM OTN PIC. Its value can be: enabled or disabled.

Field Name: OTN FEC statistics
Level of Output: detail extensive
Field Description: The forward error correction (FEC) counters for the DWDM OTN PIC.
• Corrected Errors—The count of corrected errors in the last second.
• Corrected Error Ratio—The corrected error ratio in the last 25 seconds. For example, 1e-7 is 1 error per 10 million bits.

Field Name: OTN FEC alarms
Level of Output: detail extensive
Field Description: OTN FEC excessive or degraded error alarms triggered on the interface.
• FEC Degrade—OTU FEC Degrade defect.
• FEC Excessive—OTU FEC Excessive Error defect.

Field Name: OTN OC
Level of Output: detail extensive
Field Description: OTN OC defects triggered on the interface.
• LOS—OC Loss of Signal defect.
• LOF—OC Loss of Frame defect.
• LOM—OC Loss of Multiframe defect.
• Wavelength Lock—OC Wavelength Lock defect.


Field Name: OTN OTU
Level of Output: detail extensive
Field Description: OTN OTU defects detected on the interface
• AIS—OTN AIS alarm.
• BDI—OTN OTU BDI alarm.
• IAE—OTN OTU IAE alarm.
• TTIM—OTN OTU TTIM alarm.
• SF—OTN ODU bit error rate fault alarm.
• SD—OTN ODU bit error rate defect alarm.
• TCA-ES—OTN ODU ES threshold alarm.
• TCA-SES—OTN ODU SES threshold alarm.
• TCA-UAS—OTN ODU UAS threshold alarm.
• TCA-BBE—OTN ODU BBE threshold alarm.
• BIP—OTN ODU BIP threshold alarm.
• BBE—OTN OTU BBE threshold alarm.
• ES—OTN OTU ES threshold alarm.
• SES—OTN OTU SES threshold alarm.
• UAS—OTN OTU UAS threshold alarm.

Field Name: Received DAPI
Level of Output: detail extensive
Field Description: Destination Access Port Interface (DAPI) from which the packets were received.

Field Name: Received SAPI
Level of Output: detail extensive
Field Description: Source Access Port Interface (SAPI) from which the packets were received.

Field Name: Transmitted DAPI
Level of Output: detail extensive
Field Description: Destination Access Port Interface (DAPI) to which the packets were transmitted.

Field Name: Transmitted SAPI
Level of Output: detail extensive
Field Description: Source Access Port Interface (SAPI) to which the packets were transmitted.

Field Name: PCS statistics
Level of Output: detail extensive
Field Description: (10-Gigabit Ethernet interfaces) Displays Physical Coding Sublayer (PCS) fault conditions from the WAN PHY or the LAN PHY device.
• Bit errors—The number of seconds during which at least one bit error rate (BER) occurred while the PCS receiver is operating in normal mode.
• Errored blocks—The number of seconds when at least one errored block occurred while the PCS receiver is operating in normal mode.

Field Name: MAC statistics
Level of Output: extensive
Field Description: Receive and Transmit statistics reported by the PIC's MAC subsystem, including the following:
• Total octets and total packets—Total number of octets and packets. For Gigabit Ethernet IQ PICs, the received octets count varies by interface type.
• Unicast packets, Broadcast packets, and Multicast packets—Number of unicast, broadcast, and multicast packets.
• CRC/Align errors—Total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, and had either a bad FCS with an integral number of octets (FCS Error) or a bad FCS with a nonintegral number of octets (Alignment Error).
• FIFO error—Number of FIFO errors that are reported by the ASIC on the PIC. If this value is ever nonzero, the PIC or a cable is probably malfunctioning.
• MAC control frames—Number of MAC control frames.
• MAC pause frames—Number of MAC control frames with pause operational code.
• Oversized frames—Number of frames that exceed 1518 octets.
• Jabber frames—Number of frames that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS error or an alignment error. This definition of jabber is different from the definition in IEEE-802.3 section 8.2.1.5 (10BASE5) and section 10.3.1.4 (10BASE2). These documents define jabber as the condition in which any packet exceeds 20 ms. The allowed range to detect jabber is from 20 ms to 150 ms.
• Fragment frames—Total number of packets that were less than 64 octets in length (excluding framing bits, but including FCS octets), and had either an FCS error or an alignment error. Fragment frames normally increment because both runts (which are normal occurrences caused by collisions) and noise hits are counted.
• VLAN tagged frames—Number of frames that are VLAN tagged. The system uses the TPID of 0x8100 in the frame to determine whether a frame is tagged or not.
• Code violations—Number of times an event caused the PHY to indicate “Data reception error” or “invalid data symbol error.”

Field Name: OTN Received Overhead Bytes
Level of Output: extensive
Field Description: APS/PCC0: 0x02, APS/PCC1: 0x11, APS/PCC2: 0x47, APS/PCC3: 0x58 Payload Type: 0x08

Field Name: OTN Transmitted Overhead Bytes
Level of Output: extensive
Field Description: APS/PCC0: 0x00, APS/PCC1: 0x00, APS/PCC2: 0x00, APS/PCC3: 0x00 Payload Type: 0x08

Filter statistics


PMA PHY


Level of Output (Filter statistics): extensive
Field Description (Filter statistics): Receive and Transmit statistics reported by the PIC's MAC address filter subsystem. The filtering is done by the content-addressable memory (CAM) on the PIC. The filter examines a packet's source and destination MAC addresses to determine whether the packet should enter the system or be rejected.
• Input packet count—Number of packets received from the MAC hardware that the filter processed.
• Input packet rejects—Number of packets that the filter rejected because of either the source MAC address or the destination MAC address.
• Input DA rejects—Number of packets that the filter rejected because the destination MAC address of the packet is not on the accept list. It is normal for this value to increment. When it increments very quickly and no traffic is entering the routing device from the far-end system, either there is a bad ARP entry on the far-end system, or multicast routing is not on and the far-end system is sending many multicast packets to the local routing device (which the routing device is rejecting).
• Input SA rejects—Number of packets that the filter rejected because the source MAC address of the packet is not on the accept list. The value in this field should increment only if source MAC address filtering has been enabled. If filtering is enabled, if the value increments quickly, and if the system is not receiving traffic that it should from the far-end system, it means that the user-configured source MAC addresses for this interface are incorrect.
• Output packet count—Number of packets that the filter has given to the MAC hardware.
• Output packet pad count—Number of packets the filter padded to the minimum Ethernet size (60 bytes) before giving the packet to the MAC hardware. Usually, padding is done only on small ARP packets, but some very small IP packets can also require padding. If this value increments rapidly, either the system is trying to find an ARP entry for a far-end system that does not exist or it is misconfigured.
• Output packet error count—Number of packets with an indicated error that the filter was given to transmit. These packets are usually aged packets or
are the result of a bandwidth problem on the FPC hardware. On a normal 
system, the value of this field should not increment. 

e CAM destination filters, CAM source filters—Number of entries in the CAM 
dedicated to destination and source MAC address filters. There can only be 
up to 64 source entries. If source filtering is disabled, which is the default, 
the values for these fields should be O. 


(10-Gigabit Ethernet interfaces, WAN PHY mode) SONET error information: extensive 


e Seconds—Number of seconds the defect has been active. 
e Count—Number of times that the defect has gone from inactive to active. 


e State—State of the error. Any state other than OK indicates a problem. 


WIS section 


WIS line 


(10-Gigabit Ethernet interfaces, WAN PHY mode) SONET error information: 


e Seconds—Number of seconds the defect has been active. 
e Count—Number of times that the defect has gone from inactive to active. 


e State—State of the error. Any state other than OK indicates a problem. 
Subfields are: 


e BIP-B1—Bit interleaved parity for SONET section overhead 
e SEF—Severely errored framing 

e LOL—Loss of light 

e LOF—Loss of frame 

e ES-S—Errored seconds (section) 

e SES-S—Severely errored seconds (section) 


e SEFS-S—Severely errored framing seconds (section) 


(10-Gigabit Ethernet interfaces, WAN PHY mode) Active alarms and defects, 
plus counts of specific SONET errors with detailed information. 


e Seconds—Number of seconds the defect has been active. 
e Count—Number of times that the defect has gone from inactive to active. 


e State—State of the error. State other than OK indicates a problem. 


Subfields are: 


e BIP-B2—Bit interleaved parity for SONET line overhead 
e REI-L—Remote error indication (near-end line) 

e RDI-L—Remote defect indication (near-end line) 

e AIS-L—Alarm indication signal (near-end line) 

e BERR-SF—Bit error rate fault (signal failure) 

e BERR-SD-—Bit error rate defect (signal degradation) 
e ES-L—Errored seconds (near-end line) 

e SES-L—Severely errored seconds (near-end line) 

e UAS-L—Unavailable seconds (near-end line) 

e ES-LFE—Errored seconds (far-end line) 

e SES-LFE—Severely errored seconds (far-end line) 


e UAS-LFE—Unavailable seconds (far-end line) 


extensive 


extensive 
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WIS path 


(10-Gigabit Ethernet interfaces, WAN PHY mode) Active alarms and defects, 
plus counts of specific SONET errors with detailed information. 


e Seconds—Number of seconds the defect has been active. 

e Count—Number of times that the defect has gone from inactive to active. 
e State—State of the error. Any state other than OK indicates a problem. 
Subfields are: 


e BIP-B3-—Bit interleaved parity for SONET section overhead 
e REI-P—Remote error indication 

e LOP-P—Loss of pointer (path) 

e AlS-P—Path alarm indication signal 

e RDI-P—Path remote defect indication 

e UNEQ-P—Path unequipped 

e PLM-P—Path payload label mismatch 

e ES-P—Errored seconds (near-end STS path) 

e SES-P—Severely errored seconds (near-end STS path) 
e UAS-P—Unavailable seconds (near-end STS path) 

e SES-PFE—Severely errored seconds (far-end STS path) 
e UAS-PFE—Unavailable seconds (far-end STS path) 
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extensive 


Autonegotiation 
information 


Received path 
trace, 
Transmitted path 
trace 
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Information about link autonegotiation. extensive 


e Negotiation status: 
e Incomplete—Ethernet interface has the speed or link mode configured. 


e No autonegotiation—Remote Ethernet interface has the speed or link 
mode configured, or does not perform autonegotiation. 


e Complete—Ethernet interface is connected to a device that performs 


autonegotiation and the autonegotiation process is successful. 


e Link partner status—OK when Ethernet interface is connected to a device 
that performs autonegotiation and the autonegotiation process is successful. 


e Link partner: 


e Link mode—Depending on the capability of the attached Ethernet device, 
either Full-duplex or Half-duplex. 


e Flow control—Types of flow control supported by the remote Ethernet 
device. For Fast Ethernet interfaces, the type is None. For Gigabit Ethernet 
interfaces, types are Symmetric (link partner supports PAUSE on receive 
and transmit), Asymmetric (link partner supports PAUSE on transmit), and 
Symmetric/Asymmetric (link partner supports both PAUSE on receive and 
transmit or only PAUSE receive). 


e Remote fault—Remote fault information from the link partner—Failure 
indicates a receive link error. OK indicates that the link partner is receiving. 
Negotiation error indicates a negotiation error. Offline indicates that the 
link partner is going offline. 


e Local resolution—Information from the link partner: 


e Flow control—Types of flow control supported by the remote Ethernet 
device. For Gigabit Ethernet interfaces, types are Symmetric (link partner 
supports PAUSE on receive and transmit), Asymmetric (link partner 
supports PAUSE on transmit), and Symmetric/Asymmetric (link partner 
supports both PAUSE on receive and transmit or only PAUSE receive). 


e Remote fault—Remote fault information. Link OK (no error detected on 
receive), Offline (local interface is offline), and Link Failure (link error 
detected on receive). 


(10-Gigabit Ethernet interfaces, WAN PHY mode) SONET/SDH interfaces allow | extensive 
path trace bytes to be sent inband across the SONET/SDH link. Juniper 

Networks and other router manufacturers use these bytes to help diagnose 
misconfigurations and network errors by setting the transmitted path trace 

message so that it contains the system hostname and name of the physical 

interface. The received path trace value is the message received from the 

routing device at the other end of the fiber. The transmitted path trace value 

is the message that this routing device transmits. 


Field Name: Packet Forwarding Engine configuration
Level of Output: extensive
Field Description: Information about the configuration of the Packet Forwarding
Engine:
• Destination slot—FPC slot number.

Field Name: CoS information
Level of Output: extensive
Field Description: Information about the CoS queue for the physical interface.
• CoS transmit queue—Queue number and its associated user-configured
forwarding class name.
• Bandwidth %—Percentage of bandwidth allocated to the queue.
• Bandwidth bps—Bandwidth allocated to the queue (in bps).
• Buffer %—Percentage of buffer space allocated to the queue.
• Buffer usec—Amount of buffer space allocated to the queue, in microseconds.
This value is nonzero only if the buffer size is configured in terms of time.
• Priority—Queue priority: low or high.
• Limit—Displayed if rate limiting is configured for the queue. Possible values
are none and exact. If exact is configured, the queue transmits only up to
the configured bandwidth, even if excess bandwidth is available. If none is
configured, the queue transmits beyond the configured bandwidth if
bandwidth is available.

Logical Interface

Field Name: Logical interface
Level of Output: All levels
Field Description: Name of the logical interface.

Field Name: Index
Level of Output: detail extensive none
Field Description: Index number of the logical interface, which reflects its
initialization sequence.

Field Name: SNMP ifIndex
Level of Output: detail extensive none
Field Description: SNMP interface index number for the logical interface.

Field Name: Generation
Level of Output: detail extensive
Field Description: Unique number for use by Juniper Networks technical support
only.

Field Name: Flags
Level of Output: All levels
Field Description: Information about the logical interface. Possible values are
described in the “Logical Interface Flags” section under Common Output Fields
Description.


Field Name: VLAN-Tag
Level of Output: brief detail extensive none
Field Description: Rewrite profile applied to incoming or outgoing frames on the
outer (Out) VLAN tag or for both the outer and inner (In) VLAN tags.
• push—An outer VLAN tag is pushed in front of the existing VLAN tag.
• pop—The outer VLAN tag of the incoming frame is removed.
• swap—The outer VLAN tag of the incoming frame is overwritten with the
user-specified VLAN tag information.
• push—An outer VLAN tag is pushed in front of the existing VLAN tag.
• push-push—Two VLAN tags are pushed onto the incoming frame.
• swap-push—The outer VLAN tag of the incoming frame is replaced by a
user-specified VLAN tag value. A user-specified outer VLAN tag is pushed
in front. The outer tag becomes an inner tag in the final frame.
• swap-swap—Both the inner and the outer VLAN tags of the incoming frame
are replaced by the user-specified VLAN tag value.
• pop-swap—The outer VLAN tag of the incoming frame is removed, and the
inner VLAN tag of the incoming frame is replaced by the user-specified VLAN
tag value. The inner tag becomes the outer tag in the final frame.
• pop-pop—Both the outer and inner VLAN tags of the incoming frame are
removed.

Field Name: Demux:
Level of Output: detail extensive none
Field Description: IP demultiplexing (demux) value that appears if this interface
is used as the demux underlying interface. The output is one of the following:
• Source Family Inet
• Destination Family Inet

Field Name: Encapsulation
Level of Output: All levels
Field Description: Encapsulation on the logical interface.

Field Name: Protocol
Level of Output: detail extensive none
Field Description: Protocol family. Possible values are described in the
“Protocol Field” section under Common Output Fields Description.

Field Name: MTU
Level of Output: detail extensive none
Field Description: Maximum transmission unit size on the logical interface.

Field Name: Maximum labels
Level of Output: detail extensive none
Field Description: Maximum number of MPLS labels configured for the MPLS
protocol family on the logical interface.
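The VLAN-Tag rewrite operations listed above can be modeled as edits to a frame's tag stack. The following is an added example, not Junos code or part of the original manual; the names `REWRITE_OPS`, `rewrite` and `round_trip` and the sample VLAN IDs are hypothetical.

```python
# Added illustration, not Junos code: each VLAN-Tag rewrite operation modeled
# as "remove N outer tags, then put the user-specified tags in front".
# A tag stack lists VLAN IDs outermost first; [] is an untagged frame.

# operation -> (existing outer tags removed or overwritten,
#               user-specified tags placed in front)
REWRITE_OPS = {
    "push":      (0, 1),
    "pop":       (1, 0),
    "swap":      (1, 1),
    "push-push": (0, 2),
    "swap-push": (1, 2),
    "swap-swap": (2, 2),
    "pop-swap":  (2, 1),
    "pop-pop":   (2, 0),
}


def rewrite(stack, op, ids=()):
    """Return the tag stack of the final frame.

    ids holds the user-specified VLAN IDs in final-frame order, outermost
    first. Raises ValueError if the frame carries too few tags for the
    operation or the number of IDs does not match it.
    """
    if op not in REWRITE_OPS:
        raise ValueError(f"unknown rewrite operation: {op}")
    consumed, emitted = REWRITE_OPS[op]
    if len(stack) < consumed:
        raise ValueError(f"{op} needs {consumed} tag(s), frame has {len(stack)}")
    if len(ids) != emitted:
        raise ValueError(f"{op} takes {emitted} user-specified VLAN ID(s)")
    for vid in ids:
        if not 1 <= vid <= 4094:  # 0 and 4095 are reserved in IEEE 802.1Q
            raise ValueError(f"VLAN ID out of range: {vid}")
    return list(ids) + list(stack[consumed:])


def round_trip(stack, in_op, in_ids, out_op, out_ids):
    """Apply one rewrite on input and one on output; return both tag stacks."""
    inside = rewrite(stack, in_op, in_ids)
    return inside, rewrite(inside, out_op, out_ids)


if __name__ == "__main__":
    # Constructed sample: a frame tagged 100 is rewritten on input with
    # swap-push and restored on output with pop-swap.
    inside, outside = round_trip([100], "swap-push", (300, 150),
                                 "pop-swap", (100,))
    print("after input rewrite: ", inside)
    print("after output rewrite:", outside)
```

A rewrite that raises `ValueError` here corresponds to a profile that cannot apply to the frame as received, for example pop-pop on a single-tagged frame.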


Field Name: Traffic statistics
Level of Output: detail extensive
Field Description: Number and rate of bytes and packets received and transmitted
on the specified interface set.
• Input bytes, Output bytes—Number of bytes received and transmitted on
the interface set. The value in this field also includes the Layer 2 overhead
bytes for ingress or egress traffic on Ethernet interfaces if you enable
accounting of Layer 2 overhead at the PIC level or the logical interface level.
• Input packets, Output packets—Number of packets received and transmitted
on the interface set.

Field Name: IPv6 transit statistics
Level of Output: extensive
Field Description: Number of IPv6 transit bytes and packets received and
transmitted on the logical interface if IPv6 statistics tracking is enabled.

Field Name: Local statistics
Level of Output: extensive
Field Description: Number and rate of bytes and packets destined to the routing
device.

Field Name: Transit statistics
Level of Output: extensive
Field Description: Number and rate of bytes and packets transiting the switch.

NOTE: For Gigabit Ethernet intelligent queuing 2 (IQ2) interfaces, the logical
interface egress statistics might not accurately reflect the traffic on the wire
when output shaping is applied. Traffic management output shaping might drop
packets after they are tallied by the Output bytes and Output packets interface
counters. However, correct values display for both of these egress statistics
when per-unit scheduling is enabled for the Gigabit Ethernet IQ2 physical
interface, or when a single logical interface is actively using a shared scheduler.

Field Name: Generation
Level of Output: detail extensive
Field Description: Unique number for use by Juniper Networks technical support
only.

Field Name: Route Table
Level of Output: detail extensive none
Field Description: Route table in which the logical interface address is located.
For example, 0 refers to the routing table inet.0.

Field Name: Flags
Level of Output: detail extensive
Field Description: Information about protocol family flags. Possible values are
described in the “Family Flags” section under Common Output Fields Description.

Field Name: Donor interface
Level of Output: detail extensive none
Field Description: (Unnumbered Ethernet) Interface from which an unnumbered
Ethernet interface borrows an IPv4 address.

Field Name: Preferred source address
Level of Output: detail extensive none
Field Description: (Unnumbered Ethernet) Secondary IPv4 address of the donor
loopback interface that acts as the preferred source address for the unnumbered
Ethernet interface.

Field Name: Input Filters
Level of Output: detail extensive
Field Description: Names of any input filters applied to this interface. If you
specify a precedence value for any filter in a dynamic profile, filter precedence
values appear in parentheses next to all interfaces.


Field Name: Output Filters
Level of Output: detail extensive
Field Description: Names of any output filters applied to this interface. If you
specify a precedence value for any filter in a dynamic profile, filter precedence
values appear in parentheses next to all interfaces.

Field Name: Mac-Validate Failures
Level of Output: detail extensive none
Field Description: Number of MAC address validation failures for packets and
bytes. This field is displayed when MAC address validation is enabled for the
logical interface.

Field Name: Addresses, Flags
Level of Output: detail extensive none
Field Description: Information about the address flags. Possible values are
described in the “Addresses Flags” section under Common Output Fields
Description.

Field Name: protocol-family
Level of Output: brief
Field Description: Protocol family configured on the logical interface. If the
protocol is inet, the IP address of the interface is also displayed.

Field Name: Flags
Level of Output: detail extensive none
Field Description: Information about address flag (possible values are described
in the “Addresses Flags” section under Common Output Fields Description).

Field Name: Destination
Level of Output: detail extensive none
Field Description: IP address of the remote side of the connection.

Field Name: Local
Level of Output: detail extensive none
Field Description: IP address of the logical interface.

Field Name: Broadcast
Level of Output: detail extensive none
Field Description: Broadcast address of the logical interface.

Field Name: Generation
Level of Output: detail extensive
Field Description: Unique number for use by Juniper Networks technical support
only.


For Gigabit Ethernet IQ PICs, traffic and MAC statistics output varies. The following table describes the
traffic and MAC statistics for two sample interfaces, each of which is sending traffic in packets of 500
bytes (including 478 bytes for the Layer 3 packet, 18 bytes for the Layer 2 VLAN traffic header, and 4
bytes for cyclic redundancy check [CRC] information). The ge-0/3/0 interface is the inbound physical
interface, and the ge-0/0/0 interface is the outbound physical interface. On both interfaces, traffic is
carried on logical unit .50 (VLAN 50).

Table 58: Gigabit and 10 Gigabit Ethernet IQ PIC Traffic and MAC Statistics by Interface Type

Interface Type: Inbound physical interface
Sample Command: show interfaces ge-0/3/0 extensive
Byte and Octet Counts Include:
Traffic statistics: Input bytes: 496 bytes per packet, representing the Layer 2 packet
MAC statistics: Received octets: 500 bytes per packet, representing the Layer 2 packet + 4 bytes
Comments: The additional 4 bytes are for the CRC.

Interface Type: Inbound logical interface
Sample Command: show interfaces ge-0/3/0.50 extensive
Byte and Octet Counts Include:
Traffic statistics: Input bytes: 478 bytes per packet, representing the Layer 3 packet

Interface Type: Outbound physical interface
Sample Command: show interfaces ge-0/0/0 extensive
Byte and Octet Counts Include:
Traffic statistics: Input bytes: 490 bytes per packet, representing the Layer 3 packet + 12 bytes
MAC statistics: Received octets: 478 bytes per packet, representing the Layer 3 packet
Comments: For input bytes, the additional 12 bytes include 6 bytes for the destination
MAC address plus 4 bytes for VLAN plus 2 bytes for the Ethernet type.

Interface Type: Outbound logical interface
Sample Command: show interfaces ge-0/0/0.50 extensive
Byte and Octet Counts Include:
Traffic statistics: Input bytes: 478 bytes per packet, representing the Layer 3 packet


Table 59 on page 878 lists the output fields for the show interfaces command. Output fields are listed in
the approximate order in which they appear.


Table 59: show interfaces Output Fields

Physical Interface

Field Name: Physical interface
Field Description: Name of the physical interface.

Field Name: Enabled
Field Description: State of the interface.

Field Name: Interface index
Field Description: Index number of the physical interface, which reflects its
initialization sequence.

Field Name: SNMP ifIndex
Field Description: SNMP index number for the physical interface.

Field Name: Link-level type
Field Description: Encapsulation being used on the physical interface.

Field Name: Generation
Field Description: Unique number for use by Juniper Networks technical support
only.

Field Name: MTU
Field Description: Maximum transmission unit size on the physical interface.

Field Name: Link mode
Field Description: Link mode: Full-duplex or Half-duplex.

Field Name: Speed
Field Description: Speed at which the interface is running.

Field Name: BPDU error
Field Description: Bridge protocol data unit (BPDU) error: Detected or None.

Field Name: Loopback
Field Description: Loopback status: Enabled or Disabled. If loopback is enabled,
type of loopback: Local or Remote.

Field Name: Source filtering
Field Description: Source filtering status: Enabled or Disabled.

Field Name: Flow control
Field Description: Flow control status: Enabled or Disabled.

Field Name: Auto-negotiation
Field Description: (Gigabit Ethernet interfaces) Autonegotiation status: Enabled
or Disabled.

Field Name: Remote-fault
Field Description: (Gigabit Ethernet interfaces) Remote fault status:
• Online—Autonegotiation is manually configured as online.
• Offline—Autonegotiation is manually configured as offline.

Field Name: Device flags
Field Description: Information about the physical device.

Field Name: Interface flags
Field Description: Information about the interface.

Field Name: Link flags
Field Description: Information about the physical link.

Level of Output


All levels 


All levels 


detail extensive none 


detail extensive none 


All levels 


detail extensive 


All levels 


All levels 


All levels 


All levels 


All levels 


All levels 


All levels 


All levels 


All levels 


All levels

Field Name: CoS queues
Level of Output: detail extensive none
Field Description: Number of CoS queues configured.

Field Name: Current address
Level of Output: detail extensive none
Field Description: Configured MAC address.

Field Name: Last flapped
Level of Output: detail extensive none
Field Description: Date, time, and how long ago the interface went from down to
up. The format is Last flapped: year-month-day hour:minute:second:timezone
(hour:minute:second ago). For example, Last flapped: 2002-04-26 10:52:40
PDT (04:33:20 ago).

Field Name: Input Rate
Level of Output: None
Field Description: Input rate in bits per second (bps) and packets per second
(pps).

Field Name: Output Rate
Level of Output: None
Field Description: Output rate in bps and pps.

Field Name: Active alarms and Active defects
Level of Output: detail extensive none
Field Description: Ethernet-specific defects that can prevent the interface from
passing packets. When a defect persists for a certain amount of time, it is
promoted to an alarm. These fields can contain the value None or Link.
• None—There are no active defects or alarms.
• Link—Interface has lost its link state, which usually means that the cable
is unplugged, the far-end system has been turned off, or the PIC is
malfunctioning.

Field Name: Statistics last cleared
Level of Output: detail extensive
Field Description: Time when the statistics for the interface were last set to
zero.

Field Name: Traffic statistics
Level of Output: detail extensive
Field Description: Number and rate of bytes and packets received and transmitted
on the physical interface.
• Input bytes—Number of bytes received on the interface.
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.

Field Name: Input errors
Level of Output: extensive
Field Description: Input errors on the interface.
• Errors—Sum of the incoming frame aborts and FCS errors.
• Drops—Number of packets dropped by the input queue of the I/O
Manager ASIC. If the interface is saturated, this number increments
once for every packet that is dropped by the ASIC's RED mechanism.
• Framing errors—Number of packets received with an invalid frame
checksum (FCS).
• Runts—Number of frames received that are smaller than the runt
threshold.
• Policed discards—Number of frames that the incoming packet match
code discarded because they were not recognized or not of interest.
Usually, this field reports protocols that Junos OS does not handle.
• L3 incompletes—Number of incoming packets discarded because they
failed Layer 3 (usually IPv4) sanity checks of the header. For example,
a frame with less than 20 bytes of available IP header is discarded. L3
incomplete errors can be ignored by configuring the
ignore-l3-incompletes statement.
• L2 channel errors—Number of times the software did not find a valid
logical interface for an incoming frame.
• L2 mismatch timeouts—Number of malformed or short packets that
caused the incoming packet handler to discard the frame as unreadable.
• FIFO errors—Number of FIFO errors in the receive direction that are
reported by the ASIC on the PIC. If this value is ever nonzero, the PIC
is probably malfunctioning.
• Resource errors—Sum of transmit drops.

Field Name: Output errors
Level of Output: extensive
Field Description: Output errors on the interface.
• Carrier transitions—Number of times the interface has gone from down
to up. This number does not normally increment quickly, increasing
only when the cable is unplugged, the far-end system is powered down
and then up, or another problem occurs. If the number of carrier
transitions increments quickly (perhaps once every 10 seconds), the
cable, the far-end system, or the PIC or PIM is malfunctioning.
• Errors—Sum of the outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/O
Manager ASIC. If the interface is saturated, this number increments
once for every packet that is dropped by the ASIC's RED mechanism.
• Collisions—Number of Ethernet collisions. The Gigabit Ethernet PIC
supports only full-duplex operation; therefore, for Gigabit Ethernet
PICs, this number must always remain 0. If it is nonzero, there is a
software bug.
• Aged packets—Number of packets that remained in shared packet
SDRAM so long that the system automatically purged them. The value
in this field must never increment. If it does, it is most likely a software
bug or possibly malfunctioning hardware.
• FIFO errors—Number of FIFO errors in the send direction as reported
by the ASIC on the PIC. If this value is ever nonzero, the PIC is probably
malfunctioning.
• HS link CRC errors—Number of errors on the high-speed links between
the ASICs responsible for handling the interfaces.
• MTU errors—Number of packets whose size exceeded the MTU of the
interface.
• Resource errors—Sum of transmit drops.

Field Name: Ingress queues
Level of Output: extensive
Field Description: Total number of ingress queues supported on the specified
interface.

Field Name: Queue counters and queue number
Level of Output: detail extensive
Field Description: CoS queue number and its associated user-configured
forwarding class name.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Dropped packets—Number of packets dropped by the ASIC's RED
mechanism.

Field Name: MAC statistics
Level of Output: extensive
Field Description: Receive and Transmit statistics reported by the PIC's MAC
subsystem, including the following:
• Total octets and total packets—Total number of octets and packets.
• Unicast packets, Broadcast packets, and Multicast packets—Number
of unicast, broadcast, and multicast packets.
• CRC/Align errors—Total number of packets received that had a length
(excluding framing bits, but including FCS octets) of between 64 and
1518 octets, inclusive, and had either a bad FCS with an integral number
of octets (FCS Error) or a bad FCS with a nonintegral number of octets
(Alignment Error).
• FIFO error—Number of FIFO errors that are reported by the ASIC on
the PIC. If this value is ever nonzero, the PIC or a cable is probably
malfunctioning.
• MAC control frames—Number of MAC control frames.
• MAC pause frames—Number of MAC control frames with pause
operational code.
• Oversized frames—There are two possible conditions regarding the
number of oversized frames:
  • Packet length exceeds 1518 octets, or
  • Packet length exceeds MRU
• Jabber frames—Number of frames that were longer than 1518 octets
(excluding framing bits, but including FCS octets), and had either an
FCS error or an alignment error. This definition of jabber is different
from the definition in IEEE-802.3 section 8.2.1.5 (10BASE5) and section
10.3.1.4 (10BASE2). These documents define jabber as the condition
in which any packet exceeds 20 ms. The allowed range to detect jabber
is from 20 ms to 150 ms.
• Fragment frames—Total number of packets that were less than 64
octets in length (excluding framing bits, but including FCS octets) and
had either an FCS error or an alignment error. Fragment frames normally
increment because both runts (which are normal occurrences caused
by collisions) and noise hits are counted.
• VLAN tagged frames—Number of frames that are VLAN tagged. The
system uses the TPID of 0x8100 in the frame to determine whether a
frame is tagged or not.
• Code violations—Number of times an event caused the PHY to indicate
“Data reception error” or “invalid data symbol error.”
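The MAC statistics definitions above can be applied to a received frame to see which counters it would increment. The following is an added example, not Juniper code; the function names, the `stray_bits` parameter and the sample frames are hypothetical. It applies the definitions literally, so a frame longer than 1518 octets with a bad FCS counts as both Jabber and Oversized, which is an assumption about how the two definitions combine.

```python
import struct
import zlib

TPID_8021Q = 0x8100                 # TPID the page says marks a VLAN-tagged frame
MIN_OCTETS, MAX_OCTETS = 64, 1518   # frame length limits, FCS octets included


def fcs(data):
    """Ethernet FCS: CRC-32 of the frame, least significant octet first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload, vlan=None):
    """Build a frame with a valid FCS (used here for constructed test input)."""
    header = dst + src
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    body = header + struct.pack("!H", ethertype) + payload
    body = body.ljust(60, b"\x00")  # pad to the 60-byte minimum before the FCS
    return body + fcs(body)


def fcs_status(frame, stray_bits=0):
    """Return 'ok', 'FCS Error' or 'Alignment Error'.

    stray_bits is the number of bits received after the last whole octet;
    nonzero means the frame had a nonintegral number of octets.
    """
    if len(frame) >= 4 and fcs(frame[:-4]) == frame[-4:]:
        return "ok"
    return "Alignment Error" if stray_bits else "FCS Error"


def classify(frame, stray_bits=0, mru=MAX_OCTETS):
    """Return the set of MAC statistics counters this received frame increments."""
    counters = set()
    n = len(frame)
    if fcs_status(frame, stray_bits) != "ok":
        if n < MIN_OCTETS:
            counters.add("Fragment frames")
        elif n > MAX_OCTETS:
            counters.add("Jabber frames")
        else:
            counters.add("CRC/Align errors")
    if n > MAX_OCTETS or n > mru:
        counters.add("Oversized frames")
    if n >= 14 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        counters.add("VLAN tagged frames")
    return counters


def corrupt(frame):
    """Flip every bit of the last FCS octet, as a noise hit might."""
    return frame[:-1] + bytes([frame[-1] ^ 0xFF])


if __name__ == "__main__":
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    samples = {                      # constructed frames, not captured traffic
        "small ARP-sized frame": build_frame(dst, src, 0x0806, b"\x00" * 28),
        "VLAN 50 frame": build_frame(dst, src, 0x0800, b"\x00" * 46, vlan=50),
        "1618-octet frame": build_frame(dst, src, 0x0800, b"\x00" * 1600),
    }
    for name, frame in samples.items():
        print(name, len(frame), sorted(classify(frame)),
              sorted(classify(corrupt(frame))))
```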


Field Name: Filter statistics
Level of Output: extensive
Field Description: Receive and Transmit statistics reported by the PIC's MAC
address filter subsystem. The filtering is done by the content-addressable memory
(CAM) on the PIC. The filter examines a packet's source and destination
MAC addresses to determine whether the packet should enter the system
or be rejected.
• Input packet count—Number of packets received from the MAC
hardware that the filter processed.
• Input packet rejects—Number of packets that the filter rejected because
of either the source MAC address or the destination MAC address.
• Input DA rejects—Number of packets that the filter rejected because
the destination MAC address of the packet is not on the accept list. It
is normal for this value to increment. When it increments very quickly
and no traffic is entering the device from the far-end system, either
there is a bad ARP entry on the far-end system, or multicast routing is
not on and the far-end system is sending many multicast packets to the
local device (which the router is rejecting).
• Input SA rejects—Number of packets that the filter rejected because
the source MAC address of the packet is not on the accept list. The
value in this field should increment only if source MAC address filtering
has been enabled. If filtering is enabled, if the value increments quickly,
and if the system is not receiving traffic that it should from the far-end
system, it means that the user-configured source MAC addresses for
this interface are incorrect.
• Output packet count—Number of packets that the filter has given to
the MAC hardware.
• Output packet pad count—Number of packets the filter padded to the
minimum Ethernet size (60 bytes) before giving the packet to the MAC
hardware. Usually, padding is done only on small ARP packets, but some
very small IP packets can also require padding. If this value increments
rapidly, either the system is trying to find an ARP entry for a far-end
system that does not exist or it is misconfigured.
• Output packet error count—Number of packets with an indicated error
that the filter was given to transmit. These packets are usually aged
packets or are the result of a bandwidth problem on the FPC hardware.
On a normal system, the value of this field should not increment.
• CAM destination filters, CAM source filters—Number of entries in the
CAM dedicated to destination and source MAC address filters. There
can only be up to 64 source entries. If source filtering is disabled, which
is the default, the values for these fields must be 0.

Field Name: Autonegotiation information
Level of Output: extensive
Field Description: Information about link autonegotiation.
• Negotiation status:
  • Incomplete—Ethernet interface has the speed or link mode
  configured.
  • No autonegotiation—Remote Ethernet interface has the speed or
  link mode configured, or does not perform autonegotiation.
  • Complete—Ethernet interface is connected to a device that performs
  autonegotiation and the autonegotiation process is successful.

Field Name: Packet Forwarding Engine configuration
Level of Output: extensive
Field Description: Information about the configuration of the Packet Forwarding
Engine:
• Destination slot—FPC slot number.

Field Name: CoS information
Level of Output: extensive
Field Description: Information about the CoS queue for the physical interface.
• CoS transmit queue—Queue number and its associated user-configured
forwarding class name.
• Bandwidth %—Percentage of bandwidth allocated to the queue.
• Bandwidth bps—Bandwidth allocated to the queue (in bps).
• Buffer %—Percentage of buffer space allocated to the queue.
• Buffer usec—Amount of buffer space allocated to the queue, in
microseconds. This value is nonzero only if the buffer size is configured
in terms of time.
• Priority—Queue priority: low or high.
• Limit—Displayed if rate limiting is configured for the queue. Possible
values are none and exact. If exact is configured, the queue transmits
only up to the configured bandwidth, even if excess bandwidth is
available. If none is configured, the queue transmits beyond the
configured bandwidth if bandwidth is available.

Field Name: Interface transmit statistics
Level of Output: detail extensive
Field Description: Status of the interface-transmit-statistics configuration:
Enabled or Disabled.

Field Name: Queue counters (Egress)
Level of Output: detail extensive
Field Description: CoS queue number and its associated user-configured
forwarding class name.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Dropped packets—Number of packets dropped by the ASIC's RED
mechanism.


Logical Interface

Field Name: Logical interface
Level of Output: All levels
Field Description: Name of the logical interface.

Field Name: Index
Level of Output: detail extensive none
Field Description: Index number of the logical interface, which reflects its initialization sequence.

Field Name: SNMP ifIndex
Level of Output: detail extensive none
Field Description: SNMP interface index number for the logical interface.

Field Name: Generation
Level of Output: detail extensive
Field Description: Unique number for use by Juniper Networks technical support only.

Field Name: Flags
Level of Output: All levels
Field Description: Information about the logical interface.

Field Name: Encapsulation
Level of Output: All levels
Field Description: Encapsulation on the logical interface.

Field Name: Traffic statistics
Level of Output: detail extensive
Field Description: Number and rate of bytes and packets received and transmitted on the specified interface set.
• Input bytes, Output bytes—Number of bytes received and transmitted on the interface set. The value in this field also includes the Layer 2 overhead bytes for ingress or egress traffic on Ethernet interfaces if you enable accounting of Layer 2 overhead at the PIC level or the logical interface level.
• Input packets, Output packets—Number of packets received and transmitted on the interface set.

Field Name: Local statistics
Level of Output: extensive
Field Description: Number and rate of bytes and packets destined to the device.

Field Name: Transit statistics
Level of Output: extensive
Field Description: Number and rate of bytes and packets transiting the switch.
NOTE: For Gigabit Ethernet intelligent queuing 2 (IQ2) interfaces, the logical interface egress statistics might not accurately reflect the traffic on the wire when output shaping is applied. Traffic management output shaping might drop packets after they are tallied by the Output bytes and Output packets interface counters. However, correct values display for both of these egress statistics when per-unit scheduling is enabled for the Gigabit Ethernet IQ2 physical interface, or when a single logical interface is actively using a shared scheduler.

Field Name: Security
Level of Output: extensive
Field Description: Security zones that interface belongs to.

Field Name: Flow Input statistics
Level of Output: extensive
Field Description: Statistics on packets received by flow module.


Field Name: Flow Output statistics
Level of Output: extensive
Field Description: Statistics on packets sent by flow module.

Field Name: Flow error statistics (Packets dropped due to)
Level of Output: extensive
Field Description: Statistics on errors in the flow module.

Field Name: Protocol
Level of Output: detail extensive none
Field Description: Protocol family.

Field Name: MTU
Level of Output: detail extensive none
Field Description: Maximum transmission unit size on the logical interface.

Field Name: Generation
Level of Output: detail extensive
Field Description: Unique number for use by Juniper Networks technical support only.

Field Name: Route Table
Level of Output: detail extensive none
Field Description: Route table in which the logical interface address is located. For example, 0 refers to the routing table inet.0.

Field Name: Flags
Level of Output: detail extensive
Field Description: Information about protocol family flags.

Field Name: Addresses, Flags
Level of Output: detail extensive none
Field Description: Information about the address flags.

Field Name: Destination
Level of Output: detail extensive none
Field Description: IP address of the remote side of the connection.

Field Name: Local
Level of Output: detail extensive none
Field Description: IP address of the logical interface.

Field Name: Broadcast
Level of Output: detail extensive none
Field Description: Broadcast address of the logical interface.

Field Name: Generation
Level of Output: detail extensive
Field Description: Unique number for use by Juniper Networks technical support only.
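The fields described in Table 59 can be pulled out of captured show interfaces text for monitoring. The following Python sketch is an added example, not part of the Juniper documentation: the function names are hypothetical, and the sample text is constructed to follow the layout of the sample output in this section. It collects the physical and logical interface fields and reports interfaces whose link is down or that show active alarms or defects.

```python
import re

# Constructed sample, laid out like the show interfaces output in this section.
SAMPLE = """\
Physical interface: ge-3/0/2, Enabled, Physical link is Up
  Interface index: 167, SNMP ifIndex: 35
  Link-level type: 52, MTU: 1522, Speed: 1000mbps, Loopback: Disabled,
  Current address: 00:00:5e:00:53:01, Hardware address: 00:00:5e:00:53:01
  Active alarms  : None
  Active defects : None
  Logical interface ge-3/0/2.0 (Index 72) (SNMP ifIndex 69)
    Flags: SNMP-Traps 0x4000
    Encapsulation: VLAN-CCC
    Input packets : 0
    Output packets: 0
Physical interface: et-3/0/0, Enabled, Physical link is Down
  Link-level type: Ethernet, MTU: 1514, Speed: 100Gbps, Loopback: Disabled,
  Device flags   : Present Running Down
  Active alarms  : LINK
  Active defects : LINK
"""

PHYS_RE = re.compile(
    r"^Physical interface: ([^,]+), ([^,]+), Physical link is (\w+)")
LOGICAL_RE = re.compile(
    r"^Logical interface (\S+) \(Index (\d+)\) \(SNMP ifIndex (\d+)\)",
    re.IGNORECASE)
# "Key: value" pairs, several per line, separated by commas. A value may
# contain colons itself (MAC addresses), so it runs up to the next comma.
PAIR_RE = re.compile(r"([A-Za-z][A-Za-z0-9 /-]*?)\s*:\s*([^,]+)")


def _new_physical(name, admin=None, link=None):
    return {"name": name, "admin": admin, "link": link,
            "fields": {}, "logical": []}


def parse_show_interfaces(text):
    """Return one record per physical interface, with its logical units."""
    interfaces = []
    phys = None     # physical interface currently being filled
    target = None   # record that plain "Key: value" lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PHYS_RE.match(line)
        if m:
            phys = _new_physical(m.group(1), m.group(2), m.group(3))
            interfaces.append(phys)
            target = phys
            continue
        m = LOGICAL_RE.match(line)
        if m:
            if phys is None:
                # Output for a single logical unit has no physical header.
                phys = _new_physical(m.group(1).rsplit(".", 1)[0])
                interfaces.append(phys)
            target = {"name": m.group(1), "index": int(m.group(2)),
                      "snmp_ifindex": int(m.group(3)), "fields": {}}
            phys["logical"].append(target)
            continue
        if target is None:
            continue  # text before the first interface header
        for key, value in PAIR_RE.findall(line):
            target["fields"][key.strip()] = value.strip()
    return interfaces


def needs_attention(interfaces):
    """List (interface name, reasons) for links that are down or alarmed."""
    findings = []
    for ifc in interfaces:
        reasons = []
        if ifc["link"] == "Down":
            reasons.append("physical link down")
        for field in ("Active alarms", "Active defects"):
            value = ifc["fields"].get(field, "None")
            if value != "None":
                reasons.append(f"{field.lower()}: {value}")
        if reasons:
            findings.append((ifc["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in needs_attention(parse_show_interfaces(SAMPLE)):
        print(name, "->", "; ".join(reasons))
```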


| Sample Output Gigabit Ethernet 


show interfaces terse (ACX5448, ACX5448-D, ACX710 channelized interface) 


user@host> show interfaces terse et-0/1/2 


Interface               Admin Link Proto    Local                 Remote
et-0/1/2:0              up    down
et-0/1/2:1              up    down
et-0/1/2:2              up    down
et-0/1/2:3              up    down


show interfaces (Gigabit Ethernet) 


user@host> show interfaces ge-3/0/2 





Physical interface: ge-3/0/2, Enabled, Physical link is Up
Interface index: 167, SNMP ifIndex: 35
Link-level type: 52, MTU: 1522, Speed: 1000mbps, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
CoS queues : 4 supported, 4 maximum usable queues
Current address: 00:00:5e:00:53:7c, Hardware address: OOOO Se OO posre
Last flapped § ZOOG-—OS—LO I7e2osi@ wou (OOsOlsOs age)
Input rate Ome Sam (OM ORS)
Output rate 20 bps (Oops)
Ingress rate at Packet Forwarding Engine : 0 bps (0 pps)
Ingress drop rate at Packet Forwarding Engine : 0 bps (0 pps)
Active alarms : None
Active defects : None

Logical interface ge-3/0/2.0 (Index 72) (SNMP ifIndex 69)
Flags: SNMP-Traps 0x4000
VLAN-Tag [ 0x8100.512 0x8100.513 ] In(pop-swap 0x8100.530) Out(swap-push 0x8100.512 0x8100.513)
Encapsulation: VLAN-CCC
Egress account overhead: 100
Ingress account overhead: 90
Input packets : 0
Output packets: 0
Protocol ccc, MTU: 1522
Flags: Is-Primary


show interfaces (Gigabit Ethernet on MX Series Routers) 


user@host> show interfaces ge-2/2/2 





Physical interface: ge-2/2/2, Enabled, Physical link is Up
Interface index: 156, SNMP ifIndex: 188
Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps, MAC-REWRITE Error: None,
Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Link flags : None
CoS queues : 8 supported, 4 maximum usable queues

Schedulers a © 

Current address: 00:00:5e:00:53:c0, Hardware address: 00:00:5e:00:53:76 
Last flapped g ZOOS=09—05 Ios44les0) ipa (Stel O1sO4 rere) 

Input rate OM ODS mE (OMS) 

Output rate 8 © isjos; ((@) jeje) 

Active alarms : None 


Active defects : None 
Logical interface ge-2/2/2.0 (index 82) (SNMP ifindex 2119) 
Flags: Up SNMP-Traps 0x4004000 Encapsulation: ENET2 

















INpPUENPACkeus me OZS 2 

Output packets: 10294 

Protocol inet, MTU: 1500
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
DaeSsicalocesiems 2OR8 0 ,LIS/24, Locals 203011351, Broaceasics 203.0113 ,255 
Protocol inet6, MTU: 1500 
Maxanhecachesm 4s New nomlc iia letmaes OO COO Cure mhe emis 4) Gurren mewn molcheimte: 
a, Iie Cheojs mes 0) 


Flags: Is-Primary 





Addresses, Flags: Is-Default Is-Preferred Is-Primary
Destinations 2 Oleg) 32 locale ne UOleicbein. 5
Addresses, Flags: Is-Preferred
DSSteaimenesloins BOOilscloscsilse/32, wees 2OWileclose 223) 2 Siew sieaShes Ss 7/s) 
Protocol multiservice, MTU: Unlimited 


Flags: Is-Primary 


show interfaces (link degrade status) 


user@host> show interfaces et-3/0/0 


Physical interface: et-3/0/0, Enabled, Physical link is Down 
ligic@ueitciee alintolesx3 I15)7), Sine) siieitiavelesee S)s}7/ 
Link-level type: Ethernet, MTU: 1514, MRU: 0, Speed: 100Gbps, BPDU Error: None, 




















Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled 
Device flags : Present Running Down 


Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 


Link flags : None 

CoS queues : 8 supported, 8 maximum usable queues 

Current address: 54:e0:32:23:9d:38, Hardware address: 54:e0:32:23:9d:38
Last flapped 2 AQIM—OG=Ie} OASS6Ge st IID (OZeS0is 50) sisi) 


Input rate OMe OSM (Om ODS) 


Output rate LOMO OSmm (OM DS») 
Active alarms : LINK 
Active defects : LINK 





























PCS statistics Seconds

Bit errors 0 

Errored blocks 0 
Link Degrade* 
Link Monitoring : Enable 
Link Degrade Set Threshold: g jbn=7 
Link Degrade Clear Threshold: @ iis iL2 
Estimated BER 8 dha 
Link-degrade event : Seconds Count State 

7182 1 Defect Active 


show interfaces extensive (Gigabit Ethernet on MX Series Routers showing interface transmit statistics configuration)


user@host> show interfaces ge-2/1/2 extensive | match "output|interface" 





Physical interface: ge-2/1/2, Enabled, Physical link is Up 
Interface index: 151, SNMP ifIndex: 530, Generation: 154 
Interface flags: SNMP-Traps Internal: 0x4000 

Output bytes : 240614363944 (Zi 2s Gabe s 
Output packets: 3538446506 1420444 pps 


Dike Cie onme-mn Olio lUuite 





Interface transmit statistics: Enabled 
Logical interface ge-2/1/2.0 (Index 331) (SNMP ifIndex 955) (Generation 146) 


Output bytes : OD 516 US 27/A86 522 )/26272) bps 
Output packets: Al eMey AL Syl 1h LANG) 1420451 pps 


user@host> show interfaces ge-5/2/0.0 statistics detail 


Logical interface ge-5/2/0.0 (Index 71) (SNMP ifIndex 573) (Generation 135) 
Flags: SNMP-Traps 0x4000 Encapsulation: ENET2 





Egress account overhead: 100 
Ingress account overhead: 90 


Weeieicle GeegQicasSicsless 


Input bytes : 2) WALA! 
Output bytes : STO DS Ss) 
Input packets: 3664 
Output packets: 885790 


IPv6 transit statistics: 
Inpu
Outp 
fnpu 
Outp 
Local 
Input 
Outpu 
Input 
Outpu 
Transi 
Input 
Outpu 
Input 
Outpu 
LPS 
Inpu 
Outp 
Inpu 
Outp 


show interfaces brief (Gigabit Ethernet) 


t bytes 

ut bytes 

t packets: 

ut packets: 

SEPCLSCLSS 
bytes 

t bytes 
packets: 

t packets: 

E SEsMciseies s 
bytes 

t bytes 
packets: 

t packets: 


t bytes 
ut bytes 





t packets: 


ut packets: 


EREINGINE STAICALSICLCS S 


0 
16681118 
0 

362633 


271524 
308560 
3664 
HSS: 


0 
37461038 
0 

882131 


0 
16681118 
0 

362633 


user@host> show interfaces ge-3/0/2 brief 


Physical i 


Link-lev 


Remote f£ 
Device f 
Interfac 
Link fla 





Flags: 


VLAN-Tag [ 0x8100.512 0x8100.513 ] In(pop-swap 0x8100.530) 


0x8100 





Encaps 


CCC 


nterface: ge-3/0/2, 


el type: 52, MTU: 


Enabled, 





Speed: 


Source filtering: Disabled, Flow control: 


ault: Online 

lags : Present Running 

e flags: SNMP-Traps Internal: 
gs + None 


Logical interface ge-3/0/2.0 


SNMP-Traps 0x4000 


cole OxdiLO0 , 513) 
iEcehOn am anv Cee 


Logical interface ge-3/0/2.32767 
SNMP-Traps 0x4000 VLAN-Tag [ 0x0000.0 ] 


Flags: 


0 bps 
0 bps 
0 pps 
0 pps 


1000mbps, 





0x4000 


0 bps 
0 bps 
0 pps 
0 pps 


Piawyisaleel Ilatighe ats} Wye 





Encapsulation: 


Loopback: Disabled, 





Enabled, Auto-negotiation: Enabled, 


Out (Swap-push 








EN 


ET2 
show interfaces detail (Gigabit Ethernet)


user@host> show interfaces ge-3/0/2 detail 


ge-3/0/2, Enabled, 
Gy ONMP Mast ilmacdextsSini 
ee, 





Physical interface: 
Interface index: 
Link-level type: 52, MTU: Speed: 
Source filtering: Disabled, Flow control: 
Remote fault: Online 
Device flags Present Running 
Interface flags: SNMP-Traps Internal: 
Link flags None 
CoS queues 4 supported, 


Hold-times Up O ms, Down O ms 
Ul U0y bes 00s Soci, 


ADOS—OS—O9 APs l7s OO iwi 


Current address: 





Last flapped 
Statistics last cleared: Never 


UEC e Scene asicsaless 





Input bytes 0 0 bps 
Output bytes 0 0 bps 
Input packets: 0 O jos 
Output packets: 0 0 pps 
Ingress traffic statistics at Packet Forwarding Engine: 
Input bytes 0 0 bps 
Input packets: 0 0 pps 
Drop bytes 0 0 bps 
Drop packets: 0 O pps 
Ingress queues: 4 supported, 4 in use 
Queue counters: Queued packets Transmitted packets 
(0) ISSGIE SSE EO ISIE 0 0 
1 expedited-fo 0 0 
2 assured-forw 0 0 
3 network-cont 0 0 
Egress queues: 4 supported, 4 in use 
Queue counters: Queued packets Transmitted packets 
OROSSr Se mom 0 0 
1 expedited-fo 0 0 
2 assured-forw 0 0 
3 network-cont 0 0 
Active alarms None 
Active defects None 
Logical interface ge-3/0/2.0 (Index 72) (SNMP ifIndex 69) (Generation 


Flags: SNMP-Traps 0x4000 
VEANS Rag a) Osc3ilO Or ola SOs Ss 0lOR Ss 3 a 


Physical link is Up 
Generation: 177 
1000mbps, 


Loopback: Disabled, 





Hardware address: 
(ONE SIerso algo) 


Enabled, Auto-negotiation: 


0x4000 


4 maximum usable queues 








In(pop-swap 0x8100.530) 


Enabled, 





COS OVO SesOOsSsevic 


140) 


Dropped packets 


0 


0 
0 
0 


Dropped packets 


0 


0 
0 
0 
Encapsulation: VLAN-CCC





Ingress account overhead: 


TRAEELG StacisiciLes s 
Input bytes 
Output bytes 
Input packets: 
Output packets: 

LOE SicaAelsSicLes s 
Input bytes 
Output bytes 
Input packets: 
Output packets: 

Transit statistics: 
Input bytes 
Output bytes 
Input packets: 





Output packets: 


Prolocol cee, Nil. 132), 


Flags: Is-Primary 


Logical interface ge-3/0/2.32767 


(Generation 139) 


Egress account overhead: 


Out (swap-push 0x8100.512 0x8100.513) 


Generation: 


(Index 71) 


Flags: SNMP-Traps 0x4000 VLAN-Tag [ 


gate Cursiteciceles tesa 
Input bytes 
Output bytes 

Input packets: 
Output packets: 
local siaicidsicles 2 
Input bytes 
Output bytes 

Input packets: 
Output packets: 
TEAMS SCAQciSic ies 
Input bytes 
Output bytes 

Input packets: 





Output packets: 


show interfaces extensive (Gigabit Ethernet IQ2) 


user@host> show interfaces ge-7/1/3 extensive 


a2 & © a oo © 


en ae ) 


149, Route 


0x0000.0 


Qo © Cy, ©) oj © © 


a oO 2 © 


(SNMP 


] 


0 bps 
0 bps 
0 pps 
0 pps 


table: 0 


ifIndex 70) 





Encapsulation: 


0 bps 
0 bps 
0 pps 
0 pps 








EN 


ET2 
Physical interface: ge-7/1/3, Enabled, Physical link is Up
Interface index: 170, SNMP ifIndex: 70, Generation: 171
Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4004000
Link flags : None
CoS queues : 8 supported, 4 maximum usable queues
Schedulers 8 25G
Hold-times : Up 0 ms, Down 0 ms
Current address: 00:00:5e:00:53:74, Hardware address: 00:00:5e:00:53:74
Last flapped gs AZOOV-1L1-O7 B2igsisel PS (@2Z80Se3S ace)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 38910844056 WISZ leyors:
Output bytes : 7174605 8464 bps
Input packets: 418398473 11 pps
Output packets: 78903 12 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Ingress traffic statistics at Packet Forwarding Engine:
Input bytes : 38910799145 WIZ lejos
Input packets: 418397956 dil. jayeys’
Drop bytes: 0 0 bps
Drop packets: 0 0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
FIFO errors: 0, Resource errors: 0
Output errors:
Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
Ingress queues: 4 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 418390823 418390823 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont Fis Piss 0
Egress queues: 4 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0) ISSGIE SSE ESIC

1 expedited-fo 

2 assured-forw 

3 network-cont 
Active alarms None 
Active defects None 
MAC statistics: 


Total octets 





Total packets 
Unicast packets 
Broadcast packets 
Multicast packets 
CRC/Align errors 
IV ILINO) Gueirovigss) 

MAC control frames 
MAC pause frames 
Oversized frames 
Jabber frames 
Fragment frames 
VLAN tagged frames 
Code violations 
APS/2XICOs Ox02, ABS/MECCils Oxcili., 
Payload Type: 0x08 

OTN Transmitted Overhead Bytes: 
APS LEC Ora 0=00 Ae See Cla O 010) 





Payload Type: 0x08 
Filter statistics: 

Input packet count 

Input packet rejects 

Input DA rejects 

Input SA rejects 

Output packet count 

Output packet pad count 


Output packet error count 


IO) shal 


VUSVE 


Receive 
38910844056 
418398473 


408021893366 


10 
418398217 


NPS /POCZ ¢ 


IPS /POC2 s 


418398473 
479 

479 

0 


LO Sil 
VUS TZ 


Transmit 
7174605 
78903 
1026 

eZ 

77865 

0 


0 
0 
0 


OTN Received Overhead Bytes: 





0x47, APS/PCC3: 0x58 


0x00, APS/PCC3: 0x00 


78903 


CAM destination filters: 0, CAM source filters: 0 


Autonegotiation information: 
Negotiation status: Complete 


Link partner: 


Link mode: Full-duplex, Flow control: 


Remote fault: OK 


Local resolution: 


Flow control: Symmetric, Remote fault: 





Packet Forwarding Engine configuration: 


Destination slot: 7 


Symmetric/Asymmetric, 


Link OK 


Se Soe S&S 
CoS information:























Direction Output 
CoS transmit queue Bandwidth Buffer Peal Ore LiEW Limit 
% bps % usec 
ORbestScr torts 25 950000000 5 0 low none 
3 network-control 5 50000000 5 0 low none 
Direction Input 
CoS transmit queue Bandwidth Buffer Peal Ore sLiEW Limit 
% bps % usec 
ONbest Scr rors 95 950000000 95 0 low none 
3 network-control 5 50000000 5 0 low none 
Logical interface ge-7/1/3.0 (Index 70) (SNMP ifIndex 85) (Generation 150) 
Flags: SNMP-Traps Encapsulation: ENET2 
Meee SicaciSicies 3 
Input bytes 812400 
Output bytes 1349206 
Input packets: 9429 
Output packets: 9449 
IPv6 transit statistics: 
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Local Siaicidsicles 2 
Input bytes 812400 
Output bytes 1349206 
Input packets: 9429 
Output packets: 9449 
Means -eesiediels eles: 
Input bytes 0 7440 bps 
Output bytes 0 7888 bps 
Input packets: 0 10 pps 
Output packets: 0 11 pps 
IPv6 transit statistics: 
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Protocol inet, MTU: 1500, Generation: 169, Route table: 0 


Flags: Is-Primary, 


Mac-Validate Failures: Packets: 0, 





Flags: 
Pil=ge-—3/O/ L.,O=—iain, 


Addresses, 


Input Filters: 


Mac-Validate-Strict 


Bytes: 0 
Is-Preferred Is-Primary 
in 3—6S—3/ 0/1, . Cain 


Output Filters: F2-ge-3/0/1.0-out (53) 
Desicsasresoms ZOOS 0 ,L1lS/24, locals 203.0 ,113, 2, Bieoachlasics 
Generation: 196 


Protocol multiservice, 
Flags: Is-Primary 


Policer: 


MTU: Unlimited, Generation: 


1/0, 


Input: __default_arp_policer__ 
203 505 11S 5 255i,


Route table: 0 


NOTE: For Gigabit Ethernet intelligent queuing 2 (IQ2) interfaces, the logical interface egress statistics displayed in the show interfaces command output might not accurately reflect the traffic on the wire when output shaping is applied. Traffic management output shaping might drop packets after they are tallied by the interface counters. For detailed information, see the description of the logical interface Transit statistics fields in Table 57 on page 838.


show interfaces (Gigabit Ethernet Unnumbered Interface) 


user@host> show interfaces ge-3/2/0 




















Physical interface: ge-3/2/0, Enabled, Physical link is Up
Interface index: 148, SNMP ifIndex: 50
Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,
Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Link flags : None
CoS queues : 8 supported, 4 maximum usable queues
Current address: 00:00:5e:00:53:f8, Hardware address: 00:00:5e:00:53:f8
Last flapped AWOG=1L0=27 Wed zens IP IDL (OS Ones Seale)
Input rate : 0 bps (0 pps)
Output rate : 624 bps (1 pps)
Active alarms : None
Active defects : None

Logical interface ge-3/2/0.0 (Index 67) (SNMP ifIndex 85)
Flags: SNMP-Traps Encapsulation: ENET2
Input packets : 0
Output packets: 6
Protocol inet, MTU: 1500
Flags: Unnumbered
Donor interface: lo0.0 (Index 64)
Preferred source address: 203.0.113.22


show interfaces (ACI Interface Set Configured) 


user@host> show interfaces ge-1/0/0.4001 


Logical interface ge-1/0/0.4001 (Index 340) (SNMP ifIndex 548)
Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.4001 ] Encapsulation: PPP-over-Ethernet
ACI VLAN:
Dynamic Profile: aci-vlan-set-profile
PPPoE:
Dynamic Profile: aci-vlan-pppoe-profile,
Service Name Table: None,
Max Sessions: 32000, Max Sessions VSA Ignore: Off,
Duplicate Protection: On, Short Cycle Protection: Off,
Direct Connect: Off,
AC Name: nbc
Input packets : 9
Output packets: 8
Protocol multiservice, MTU: Unlimited


show interfaces (ALI Interface Set) 


user@host> show interfaces ge-1/0/0.10 


Logical interface ge-1/0/0.10 (Index 346) (SNMP ifIndex 554) (Generation 155)
Flags: Up SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.10 ] Encapsulation: ENET2
Line Identity:
Dynamic Profile: ali-set-profile
Circuit-id Remote-id Accept-no-ids
PPPoE:
Dynamic Profile: ali-vlan-pppoe-profile,
Service Name Table: None,
Max Sessions: 32000, Max Sessions VSA Ignore: Off,
Duplicate Protection: On, Short Cycle Protection: Off,
Direct Connect: Off,
AC Name: nbc
Input packets : 9
Output packets: 8
Protocol multiservice, MTU: Unlimited


| Sample Output Gigabit Ethernet 


show interfaces extensive (10-Gigabit Ethernet, LAN PHY Mode, IQ2) 


user@host> show interfaces xe-5/0/0 extensive 





Physical interface: xe-5/0/0, Enabled, Physical link is Up 
15/ 7e, Oo NMP ae talsnGles-m6 Si), Lys 
Ethernet, MTU: 1518, 


Enabled, 


Interface index: Generation: 








Link-level typ LAN-PHY mode, 





None, Source filtering: 


Enabled 





Flow control: 


Device flags Present Running 


Interface flags: SNMP-Traps Internal: 0x4000 

Link flags None 

CoS queues 8 supported, 4 maximum usable queues 
Schedulers 1024 

Hold-times Up 0 ms, Down 0 ms 

Current address: 00:00:5e:00:53:f6, Hardware address: 00:
Last flapped Never 


Statistics last cleared: Never 


WHEELS Scene asic sles s 














Speed: 


10Gbps, 
Loopback:


OCs SecWWe Ss) o165 


Input bytes 6970332384 0 bps 
Output bytes : 0 0 bps 
Input packets: 81050506 O pps 
Output packets: 0 0 pps 
IPv6 transit statistics: 
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Ingress traffic statistics at Packet Forwarding Engine: 
Input bytes 69702909898 0 bps 
Input packets: 81049992 0 pps 
Drop bytes : 0 0 bps 
Drop packets: 0 0 pps 
IIMOWEE Sisieoies g 
IeROrss O, Dreass O, HRAMLnG Eexreorss OH, Rumtss O, Polueec chiiscarces O, ins 
incompletes: 0, L2 channel errors: 0, 
L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0 
Output errors: 
Carrier Cramsittionmss OW, mrrors, 0, wDiecosc 0, Collisiomss 0, Aged packets: O, 
MILO) Exeisoess O, IS Lnimk CRO ciscorss 0), 
MTU errors: 0, Resource errors: 0 


Ingress queues: 4 supported, 4 in use 


Queue counters: Queued packets Transmitted packets 


Dropped packets 


0 best-effort 
1 expedited-fo 
2 assured-forw 


3 network-cont 





Egress queues: 4 
Qucviemeoumibcrwsk: 
OROSSrS Se morte 
1 expedited-fo 
2 assured-forw 
3 network-cont 
Active alarms 
Active defects 
R@Smisieclesksiteskes 


Bit errors 





Errored blocks 
MAC statistics: 


Total octets 





Total packets 
Unicast packets 
Broadcast packets 
Multicast packets 
CRC/Align errors 
IININO) Siwieo1we Ss 
MAC control frames 
MAC pause frames 
Oversized frames 
Jabber frames 
Fragment frames 
VLAN tagged frames 
Code violations 

Filter statistics: 


Input packet count 


Input packet rejects 


Input DA rejects 
Input SA rejects 


supported, 


None 


None 


Output packet count 


Output packet pad count 


81049992 81049992 
0 0 
0 0 
0 0 
4 in use 
Queued packets Transmitted packets 
0 0 
0 0 
0 0 
0 0 
Seconds 
0 
0 
Receive Transmit 
6970332384 0 
81050506 0 
81050000 0 
506 0 
0 0 
0 0 
0 0 
0 0 
0 0 
0 
0 
0 
0 
0 
81050506 
506 
0 
0 
0 


Output packet error count 


CAM destination filters: 0, 





Packet Forwarding 
Destination slot: 

CoS information: 
Direction Output 


CoS transmit queue 


5 


Bandwidth 


CAM source filters: 0 


Engine configuration: 


( Uleie tc raga tasle nics Ie ten 


Dropped packet 


Limit 


eS a oe S&S 


S 
0 


0 
0 
0 
Generation:


ole 


0 best-effort OS) 
3 network-control 5) 
Direction Input 


CoS transmit queue 


0 best-effort 15) 


3 network-control 3) 


Logical interface xe-5/0/0.0 








bps % usec 
950000000 95 0 
50000000 5 0 
Bandwidth Bile 36 
bps % usec 
950000000 95 0 
50000000 5 0 
(Index 71) (SNMP ifIndex 95) 





Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.100 J Encaps 
Egress account overhead: 100 
Ingress account overhead: 90 
Higa tet eCusiteciels tesa 
Input bytes 0 
Output bytes 46 
Input packets: 0 
Output packets: il 
UP Oe erans btasiedicuestalesi: 
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
ocell Siaicdsicles 2 
Input bytes 0 
Output bytes 46 
Input packets: 0 
Output packets: 1 
ieCniSHaemESiacleres enaosrs 
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
P.O sesh sate siecicnes tenets 
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Protocol inet, MTU: 1500, Generation: 253, Route table: 
Addresses, Flags: Is-Preferred Is—Primary 
Dasani ome LY? ,0,2/24, ihocaile 192,021, Beoaceasic 


265 


Protocol multiservice, 


MTU: Unlimited, Generation: 


254, 


low 


low 


er Priority 


low 


low 


none 


none 


Limit 


none 


none 


(Generation 195) 











ulation: ENET2 





0 bps 
0 bps 
0 pps 
0 pps 


0 


2 192 5 Oo4Ao2oS, 


Route table: 


0 
Flags: None


Policer: Input: __default_arp_policer__


show interfaces extensive (10-Gigabit Ethernet, WAN PHY Mode) 


user@host> show interfaces xe-1/0/0 extensive 





Physical interface: xe-1/0/0, Enabled, Physical link is Up 
Interface index: 141, SNMP ifIndex: 630, Generation: 47 








Link-level type: Ethernet, MTU: 1514, Speed: 9.294GbpsGbps, 


WAN-PHY mode 





Loopback: 


Source filtering: Disabled, Flow control: Enabled Speed Configuration: Auto 


Device flags : Present Running 
Interface flags: SNMP-Traps 16384 


Link flags : None 
CoS queues : 4 supported 
Hold-times : Up 0 ms, Down O ms 





Last flapped § 2005-07-07 Ile2zss4 Rpm (Sel 12228 Age) 
Statistics last cleared: Never 
Traffic statistics: 

Input bytes 

Output bytes 

Input packets: 


eS S| & = 


Output packets: 


MIG[OWEE Pisieoviess g 


HiGulieiniken GRC mcista@ isi O mL Om lneM rp @Omonj,ers mlkow Simm Oy, 


Resource errors: 0 





Output errors: 





CAKE Cireisittdomss 1, mrrorss O, Droose 0, Collisions s 


Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0 


Resource errors: 0 


Queue counters: Queued packets Transmitted packet 
0) ISSSE Siz EO ice 0 
1 expedited-fo 0 
2 assured-forw 0 
3 network-cont 0 


Active alarms : LOL, LOS, LBL 
Active defects: LOL, LOS, LBL, SEF, AIS-L, AIS-P 


























DCS PiLaristLes Seconds Count 
Bit errors 0 0 


Errored blocks 0 0 





, 


5 
0 


0 
0 
0 


0 bps 
0 bps 
0 pps 
0 pps 


0, 
MTU 


Current address: 00:00:5e:00:53:9d, Hardware address: 00:00:5e:00:53:9d 


lIneRorss O, Drcoess O, KreLnG ermorss O, Rumess OC, Polmeecd ciisearcces @, 


L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, 


errors: 0, 


Dropped packets 
0 


0 
0 
0 


Disabled 
MAC statistics:


Total octets 





Total packets 
Unicast packets 
Broadcast packets 
Multicast packets 
CRC/Align errors 
IO) Giewo~es 
MAC control frames 
MAC pause frames 
Oversized frames 
Jabber frames 
Fragment frames 
VLAN tagged frames 
Code violations 

Filter statistics: 
Input packet count 
Input packet rejects 
Input DA rejects 
Input SA rejects 
Output packet count 
Output packet pad co 
Output packet error 
CAM destination filt 

PMs Pe: 

PLL lock 
PHY light 





WIS section: 
Be Ball 
SEF 

LOS 

LOF 

ES=5 
SHS=9 
SESS) 

WIS line: 
BuPpSBZ 











(ese Ir 





Dt —aby 





ERR-SF 


R 
AIS-L 
B 
BERR-SD 








unt 


Count 


ers: 0, 


Seconds 


GSLs) 


0 
434430 
434430 
434430 
434430 
434430 
434430 








0 
0 
0 
434430 
0 
0 
434430 
434430 


Receive Transmit 
0 0 
0 0 
0 0 
0 0 
0 0 
0 0 
0 0 
0 0 
0 0 
0 
0 
0 
0 
0 
0 
0 
0 
0 

0 


Count 


0 
434438 
il 
ald 


aS & (toc & ©& 


CAM source filters: 0 


State 
OK 
Light Missing 


Defect Active 
Defect Active 


Defect Active 


OK 
Defect Active 
OK 
OK 
UAS-PFE
Received path trace: 
00 00 00 00 00 00 00 


Transmitted path trace: 


ie We OS) Ws US Oil ZO 







434420 


0 
0 
0 
434430 
0 
0 
0 
434430 
434430 
434420 
0 
0 
0 


OK 
Defect Active 
OK 
OK 
OK 


oe @ @& toe S&S & 


OC OC OG OO OO OW OW WW OO cesdocnoasogacne 
orissa so-1/0/0 
73 6x Zell 31 Bie SO Be 30 OO orissa so-1/0/0. 


Packet Forwarding Engine configuration: 


Destination slot: 
CoS information: 


CoS transmit queue 


0 best-effort 


3 network-control 


Bandwidth Buffer IDIeaL @MeIIEW Limit 
% bps % bytes 
5) 950000000 QS) 0 low none 
5) 50000000 5 0 low none 


show interfaces extensive (10-Gigabit Ethernet, DWDM OTN PIC) 


user@host> show interfaces ge-7/0/0 extensive 





Physical interface: ge-7/0/0, Enabled, Physical link is Down 


IMCS alinvclescs Ils}, 


SNMP ifIndex: 508, Generation: 208 





Link-level type: Ethernet, MTU: 1514, Speed: 10Gbps, BPDU Error: None, 




















MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, 








Flow control: Enabled 


Device flags : Present Running Down 


Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 


Link flags : None 


Wavelength g 1550. 


12 nm, Frequency: 193.40 THz 


CoS queues : 8 supported, 8 maximum usable queues 


Hold-times 


Current address: 


Last flapped 


Up 0 ms, Down O ms 
OO OOS SeOOness mer, 
AOII=O4—20) isedeye 5a iia 


Statistics last cleared: Never 


IEE SE ILS! 


Input 
Outpu 
Input 
Outpu 
IPv6 
Inpu 


Siecleelesienkecu 


bytes 
bytes 
packe 
packe 


Lee 
ee 


Se ec eS & 


EREMGILE SiEGicASic ess 


byte 


Ss 


Output bytes 


Inpu 





packets: 


Output packets: 


IMOIE, Sisie@ies} § 





Ineroress 0), 


Dieojos.3 0) 


L3 incompletes: 


En Omeracorsss sO), 


Output errors: 


0, 


Res 


CaleeTerR wiEtanstitekomsi: 


Fn Omer coms O)y 





Egress queues: 


Queue counters: 
0 best-effort 


1 expedited-fo 


2 assured-forw 


3 network-cont 


Queue number: 


0 
dl 
2 
3) 


Active alarms 


Active defects 


MAC statistics: 





Unicast packets 


Total octets 


Total packets 


HS 


LINK 





LINK 


Broadcast packets 


Multicast packets 


CRC/Align errors 


FIFO errors 


MAC control frames 


MAC pause frames 


Se Ss 2 © 


7; Wieeimaling; Gieworse O, Isms 0, 


Hardware address: 
(LSisS9% 49 ago) 


0 bps 
0 bps 
0 pps 
0 pps 


00:00:5e: 


OOFS33 72 


Policed discards: 0, 


L2 channel errors: 0, L2 mismatch timeouts: 0, 


ource errors: 0 





2, ineworess O, Degoess OW, Collisiomss WO, Acec jacketss OW, 


iin CRCmcratsoes iO) me Ummertatsoira srs 


8 supported, 4 in use 


0, Resource errors: 0 


Queued packets Transmitted packets 


0 
0 
0 


Mapped forwarding classes 
best-effort 
expedited-forwarding 
assured-forwarding 


network-control 


Receive 


er 3 oe oe) 2 Se fe. Se S& 


0 
0 
0 


Transmit 


a2 S| S| 2 cc c& 2] 


Dropped packets 
0 
0 
0 
Oversized frames
Jabber frames 
Fragment frames 
VLAN tagged frames 
Code violations 


Total octets 





Total packets 
Unicast packets 
Broadcast packets 
Multicast packets 
CRC/Align errors 
IDI) iwi ores) 

MAC control frames 
MAC pause frames 
Oversized frames 
Jabber frames 
Fragment frames 
VLAN tagged frames 
Code violations 

OTN alarms 

OTN defects

OTN FEC Mode : GFEC

OTN Rate 











OTN Line Loopback : Enabl 











OTN FEC statistics 





Corrected Errors 





Corrected Error Ratio (


OTN FEC alarms:





FEC Degrade 











FEC Excessive 
OTN OC:
LOS 
LOF 
LOM 





Wavelength Lock 
OTN OTU: 

AIS 

BDI 





IAE 





TTIM

SF

SD
TCA-ES
TCA-SES














None 


None 


Fixed Stuff Bytes 11.0957Gbps 


ed 


Seconds 
0 
0 


Seconds 


67164 
67164 


GGUS) 
67158 


67164 
67164 


Se ea, ea 2c Se Se Se Ss a ec Se Se Se Sa 2S S&S oS Se SS 


Count 


4814 


So @S GC [sy iS 


0 sec average) 


State
OK 

OK 
State 
OK 
Defect 
Defect 
OK 


OK 
Defect 
Defect 
OK 
Defect 
Defect 
OK 
OK 


Oe-0 


Active 


Active 


Active 


Active 


Active 


Active 


Sy Ere S&S & @& & |] 





















TCA-UAS 80 40 OK 
TCA-BBE 0 0 OK
Base 0 OOK 
BBE 0 0 OK
ES 0 0 OK
SES 0 0 OK
UAS 587 0 OK


Received DAPI: 
OG CO O8 OO OO OO OO OO OO OO OO OO OO OH OO OW cacccovssacodven 
Received SAPI: 
00 O68 CO OO OW OO OO OO OO OH OO OO O00 O© OO OW saaccosncansouse 
Transmitted DAPI: 
00 OF CO OO OO OO OO OO OO OH OO OO OO OO OO OW saesvcasnoasogsse 
Transmitted SAPI: 
00 08 O© OO OO OO OO OO OO BO OO OO GO OO OO OO cossousosoenouso 
OTN Received Overhead Bytes: 
APS/PCC0: 0x02, APS/PCC1: 0x42, APS/PCC2: 0xa2, APS/PCC3: 0x48
Payload Type: 0x03
OTN Transmitted Overhead Bytes:
APS/PCC0: 0x00, APS/PCC1: 0x00, APS/PCC2: 0x00, APS/PCC3: 0x00
Payload Type: 0x03 




















Filter statistics: 
Input packet count 
Input packet rejects 
Input DA rejects 


Ss. ee eS 


Input SA rejects 

Output packet count 
Output packet pad count 
Output packet error count 0 


CAM destination filters: 0, CAM source filters: 0 





Packet Forwarding Engine configuration: 
Destination slot: 7 
CoS information: 


Direction : Output 


CoS transmit queue Bandwidth Buffer Priority 
Limit 
% bps % usec 
0 best-effort 95 9500000000 95 0 low
none
3 network-control 5 500000000 5 0 low


none 
show interfaces extensive (10-Gigabit Ethernet, LAN PHY Mode, Unidirectional Mode)


user@host> show interfaces xe-7/0/0 extensive 





Physical interface: xe-7/0/0, Enabled, Physical link is Up 

Interface index: 173, SNMP ifIndex: 212, Generation: 174 

Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Speed: 10Gbps, Unidirectional: 
Enabled, 


Loopback: None, Source filtering: Disabled, Flow control: Enabled 














Device flags : Present Running 


show interfaces extensive (10-Gigabit Ethernet, LAN PHY Mode, Unidirectional Mode, Transmit-Only) 


user@host> show interfaces xe-7/0/0-tx extensive 








Physical interface: xe-7/0/0-tx, Enabled, Physical link is Up 
Interface index: 176, SNMP ifIndex: 137, Generation: 177 
Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Speed: 10Gbps, Unidirectional: 











Tx-Only

Device flags : Present Running 

Interface flags: SNMP-Traps Internal: 0x4000 

Link flags : None 

CoS queues : 8 supported, 8 maximum usable queues 

Hold-times : Up 0 ms, Down 0 ms

Current address: 00:00:5e:00:53:83, Hardware address: 00:00:5e:00:53:83 
Last flapped s ZAVOT=-OG=01 OLSOssus woe (scl O2sSi Acie) 


Statistics last cleared: Never 





Traffic statistics:


Input bytes : 0 0 bps 
Output bytes ;: S223 9LI S223 7/160) 9627472888 bps 
Input packets: 0 0 pps 
Output packets: 328809727380 1225492 pps


Filter statistics:


Output packet count 328810554250 
Output packet pad count 0 
Output packet error count 0 





Logical interface xe-7/0/0-tx.0 (Index 73) (SNMP ifIndex 138) (Generation 139) 














Flags: SNMP-Traps Encapsulation: ENET2 








Egress account overhead: 100 




Ingress account overhead: 90 


Traffic statistics:








Input bytes : 0 
Output bytes : SAAS OIL May ZZNS TAL GO) 
Input packets: 0 
Output packets: 328809727380 
IPv6 transit statistics: 
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Local statistics:
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Transit statistics: 
Input bytes : 0 0 bps 
Output bytes ;: S228 91152297160 9627472888 bps 
Input packets: 0 0 pps
Output packets: 328809727380 1225492 pps 
IPv6 transit statistics: 
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 


Protocol inet, MTU: 1500, Generation: 147, Route table: 0 





Addresses, Flags: Is-Preferred Is-Primary
DaSitalmeicsyoms IO), iL, 12/24, lboeedls 10,111,123, Beoacleasicg 10, 11,112,255, 
Generation: 141 
Protocol multiservice, MTU: Unlimited, Generation: 148, Route table: 0 
Flags: None 


Policer: Input: __default_arp_policer__ 


show interfaces extensive (10-Gigabit Ethernet, LAN PHY Mode, Unidirectional Mode, Receive-Only) 


user@host> show interfaces xe-7/0/0-rx extensive 








Physical interface: xe-7/0/0-rx, Enabled, Physical link is Up 
Interface index: 174, SNMP ifIndex: 118, Generation: 175 





Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Speed: 10Gbps, Unidirectional: 





Rx-Only 
Device flags : Present Running 


Interface flags: SNMP-Traps Internal: 0x4000 


Link flags None 


CoS queues 8 supported,
Hold-times 


Current address: 





Last flapped 
Statistics last cleared: Never 


Traffic statistics:


Up 0 ms, Down 0 ms
CO UOs ses00s 55.0, 
AVOT—OG—-Ol OFeOSsg22 wwe 


Hardware address: 


8 maximum usable queues 


COSVO Se 00 Sse33 
(cOZs eae) 


Input bytes 322857456303482 9627496104 bps 
Output bytes 0 0 bps 
Input packets: SAE PSA S151 IZZ5495) joo 
Output packets: 0 0 pps 
Filter statistics: 

Input packet count 343 7 THOLSO SS 

Input packet rejects il 

Input DA rejects 0 




















Logical interface xe-7/0/0-rx.0 (Index 72) (SNMP ifIndex 120) (Generation 138) 
Flags: SNMP-Traps Encapsulation: ENET2 
Traffic statistics:
Input bytes 322857456303482 
Output bytes 0 
Input packets: S218) 7) OAS 7 Syl 
Output packets: 0 
IPv6 transit statistics: 
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Local statistics:
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Transit statistics: 
Input bytes 322857456303482 9627496104 bps 


Output bytes 
Input packets: 


Output packets: 





IPv6 transit statistics: 


328775413751 


0 0 bps 
1225495 pps 
0 0 pps 
Input
Output 


bytes 
bytes 
Input 

Output 


0 
0 
packets: 0 
packets: 0 


Protocol inet, MTU: 1500, Generation: 





Addresses, Flags: 


DaSicalimeicsoms 192 ,0.2/24, ihocaile 
139) 


Protocol multiservice, 


Generation: 


Flags: None 


Policer:


| Sample Output 


Sample Output SRX Gigabit Ethernet 


user@host> show interfaces ge-0/0/1 





Physical interface: ge-0/0/1, 
135, $ 


Ethern 


Enabled, 
MP ifIndex: 
t, 
EWRITE 


Interface index: li@) 


1514, 








Link-level typ MTU: 


BPDU 











ldeigoe f MAC-R 











None, Error: None, 


Source filtering: Disabled, Flow control: 
Remote fault: Online 
Device flags Present Running Down 
Interface flags: Hardware-Down SNMP-Traps 
Link flags None 
CoS queues 8 supported, 
Current address: 00:00:5e:00:53:01, 


Last flapped AWIS=“OS5=12 O8esesss wie 








145, 
Is-Preferred Is-Primary 
12 


MTU: Unlimited, Generation: 


Link-mod 


Hardware address: 




Route table: 0 


QO,.2.1, Breoaceasics 192,0.282,.255, 


146, Route table: 0 


Input: __default_arp_policer__ 


Physical link is Down 





Full-duplex,
Disabled, 


Speed: 1000mbps, 


Loopback: 








Enabled, Auto-negotiation: Enabled, 


Internal: 0x0 


8 maximum usable queues 


00:00:5e:00:53:01 


(1w1d 22:42 ago)














Input rate 0 bps (0 pps) 

Output rate 0 bps (0 pps) 

Active alarms LINK 

Active defects LINK 

Interface transmit statistics: Disabled 

Logical interface ge-0/0/1.0 (Index 71) (SNMP ifIndex 514) 
Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 
Input packets 0 
Output packets: 0 
Security: Zone: public 
Protocol inet, MTU: 1500 


Flags: Sendbcast-pkt-to-re
Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
Destination: 1.1.1/24, Local: 1.1.1.1, Broadcast: 1.1.1.255


Sample Output SRX Gigabit Ethernet 


user@host> show interfaces ge-0/0/1 





Physical interface: ge-0/0/1, Enabled, Physical link is Down 
Interface index: 135, SNMP ifIndex: 510 











Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 




















BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, 





Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: 


Remote fault: Online 

Device flags : Present Running Down 

Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 
Link flags : None 


CoS queues : 8 supported, 8 maximum usable queues 


Current address: 00:00:5e:00:53:01, Hardware address: 00:00:5e:00:53: 


Last flapped 5 20LS-0S=12 WSsesoss9 Wie Ciwilel 22542 eGo) 
Input rate : 0 bps (0 pps)

Output rate : 0 bps (0 pps)

Active alarms : LINK 


Active defects : LINK 





Interface transmit statistics: Disabled 


Logical interface ge-0/0/1.0 (Index 71) (SNMP ifIndex 514) 














Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 





Input packets : 0 

Output packets: 0 

Security: Zone: public 

Protocol inet, MTU: 1500 
Flags: Sendbcast-pkt-to-re 





Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
Destination: 1.1.1/24, Local: 1.1.1.1, Broadcast: 1.1.1.255


show interfaces (Gigabit Ethernet for vSRX and vSRX 3.0) 


user@host> show interfaces ge-0/0/0 





Physical interface: ge-0/0/0, Enabled, Physical link is Up 
Interface index: 136, SNMP ifIndex: 510 




1000mbps, 





Enabled, 


O01 














Link-level type: Ethernet, MTU: 1518, LAN-PHY mode, Link-mode: Half-duplex,













Speed: 1000mbps, BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching














Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: 








Disabled, Flow control: Enabled, 
Auto-negotiation: Enabled, Remote fault: Online 


Device flags : Present Running 





Interface flags: SNMP-Traps Internal: 0x4000 


CoS queues : 8 supported, 8 maximum usable queues 

Current address: 00:50:56:93:ef:25, Hardware address: 00:50:56:93:ef:25 
Last flapped § Z20IL9-OS—29 Olesrsas wie (WOsSOOs4L age) 

Input rate cele Ob DO SmOmoes) 

Output rate LOMO Sum (OM D DS) 

Active alarms : None 


show interfaces detail (Gigabit Ethernet) 


user@host> show interfaces ge-0/0/1 detail 





Physical interface: ge-0/0/1, Enabled, Physical link is Down 
Interface index: 135, SNMP ifIndex: 510, Generation: 138 
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps, 





























BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: 
Disabled, 








Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online 





Device flags : Present Running Down 

Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 

Link flags : None 

CoS queues : 8 supported, 8 maximum usable queues 

Hold-times : Up 0 ms, Down 0 ms

Current address: 00:00:5e:00:53:01, Hardware address: 00:00:5e:00:53:01 
Last flapped § AZOLS-O05-1L2 OPxrsSosh wwe (iw2e! OWSOW axgjo) 


Statistics last cleared: Never 


Traffic statistics:





Input bytes 0 0 bps 
Output bytes 0 0 bps 
Input packets: 0 0 pps 
Output packets: 0 0 pps 
Egress queues: 8 supported, 4 in use 
Queue counters: Queued packets Transmitted packets Dropped packets 
0 best-effort 0 0 0
1 expedited-fo 0 0 0 
2 assured-forw 0 0 0 
3 network-cont 0 0 0 
Queue number: Mapped forwarding classes 


0 best-effort 


1
2 
3 
Active alarms 


Active defects 


Interface transmi 


Logical interface ge-0/0/1.0 (Index 71)


expedited-forwarding 
assured-forwarding 


network-control 


LINK 
LINK 





SeeSieciedsiekese wD slsallo lee 





Flags: Device-Down SNMP-Traps 0x0 Encapsulation: 


Traffic statistics:


(SNMP ifIndex 514) 





EN 





ET2 











Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Local statistics:
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Transit statistics:
Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Security: Zone: public 
Flow Statistics 
Flow Input statistics 
Self packets 0 
ICMP packets 0 
VPN packets 0 
Multicast packets 0 
Bytes permitted by policy 0 
Connections established 0 
Flow Output statistics: 
Multicast packets : 0 
Bytes permitted by policy : 0 


Flow error statistics (Packets dropped due to): 


Address spoofing: 0 


Authentication failed: 


Incoming NAT errors: 


Invalid zon 


Multiple user authentications: 
Multiple incoming NAT: 


No parent for a gate: 





received packet: 


Sy “er <<, ee) er 1S! 


(Generation 136) 


0 bps 
0 bps 
0 pps 
0 pps 







No on 
No minor session: 

No more sessions: 

No NAT gate: 

No route present:

No SA for incoming SPI:
No tunnel found: 

No session for a gate: 


No zone or NULL zone binding 





Policy denied: 


Security association not active: 


TCP sequence number out of window: 


Syn-attack protection: 
User authentication errors: 
RS OOF 


Protocol inet, MTU:


interested in self packets: 


Generation: 


ere er Se eS eS aS oS aS Ss aS Ss 


150, Route table: 0 





Flags: Sendbcast-pkt-to-re 
Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
Destination: 1.1.1/24, Local: 1.1.1.1, Broadcast: 1.1.1.255, Generation:


150 


show interfaces statistics st0.0 detail 


user@host> show interfaces statistics st0.0 detail 


Logical interface st0.0 


(Index 71) 


(SNMP ifIndex 609) 





Flags: Up Point-To-Point SNMP-Traps Encapsulation: 
Traffic statistics:

Input bytes 528152756774 
Output bytes 575950643520 
Input packets: 11481581669 
Output packets: 12520666095 
Local statistics:

Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Transit statistics:

Input bytes 0 
Output bytes 0 
Input packets: 0 
Output packets: 0 
Security: Zone: untrust 





Allowed host-inbound traffic 


ospf ospf3 pgm pim rip ripng router-discovery rsvp 


(Generation 136) 


Secure-Tunnel 


121859888 bps 
128104112 bps 


331141 pps 
348108 pps 


any-service bfd bgp dvmrp igmp ldp msdp nhrp 




sap vrrp 
Flow Statistics 


Flow Input statistics 


Self packets 0 
ICMP packets 0 
VPN packets 0 
Multicast packets 0 
Bytes permitted by policy : 525984295844 
Connections established : 7 
Flow Output statistics:
Multicast packets : 0 
Bytes permitted by policy : 576003290222 


Flow error statistics (Packets dropped due to): 


Address spoofing: 0 
Authentication failed: 


Incoming NAT errors: 





Invalid zone received packet: 
Multiple user authentications:
Multiple incoming NAT:


No parent for a gate: 





No one interested in self packets: 
No minor session: 

No more sessions: 

No NAT gate:

No route present:

No SA for incoming SPI: 

No tunnel found: 

No session for a gate: 


No zone or NULL zone binding 





Policy denied: 
Security association not active: 


TCP sequence number out of window: 





Syn-attack protection: 


ewe aS a aS aS Sm es Se aS SS Ss Se Ss S&S S&S 


User authentication errors: 
Protocol inet, MTU: 9192 
Max nh cache: 0, New hold nh limit: 0,
NH drop cnt: 0
Generation: 155, Route table: 0 
Flags: Sendbcast-pkt-to-re 


show interfaces extensive (Gigabit Ethernet) 


user@host> show interfaces ge-0/0/1.0 extensive 


000280 


Curr nh cnt: 0, Curr new hold cnt: 0,







Physical link is Down 


Generation: 138 








Physical interface: ge-0/0/1, Enabled, 
Interface index: 135, SNMP ifIndex: 510, 
Link-level typ Ethernet, MTU: 1514, Link 








MAC-REWRITE 














BPDU Error: None, Error: None, 





Source filtering: Disabled, Flow control: 
Remote fault: Online 
Device flags Present Running Down 
Interface flags: 
Link flags None 
CoS queues 8 supported,


Hold-times Up 0 ms, Down 0 ms
OOr00+5e2 00253201, 


ZO0LS-Od—i2z OSesosas wwe | 


Current address: 





Last flapped 
Statistics last cleared: Never 
Traffic statistics:

Input bytes 
Output bytes 


Input packets: 


SoS > 


Output packets: 
Input errors:
Framing errors: 0,


Errors: 0, Drops: 0,


L3 incompletes: 0, L2 channel errors: 0, 


FIFO errors: 0, Resource errors: 0 





Output errors: 





Carrier transitions: 0, Errors: 0, Drops


FIFO errors: 0, HS link CRC errors: 0,


4 in use 





Egress queues: 8 supported, 


Queue counters: Queued packets Tran 
0 best-effort 0
1 expedited-fo 0
2 assured-forw 0
3 network-cont 0
Queue number: Mapped forwarding cl
0 best-effort
1 expedited-forwarding
2 assured-forwarding 
3 network-control 
Active alarms LINK 
Active defects LINK 





MAC statistics: 


Total octets 





Total packets 
Unicast packets 


Broadcast packets 


Full-duplex, 
Loopback: Disabled, 


mod Speed: 





Hardware address: 


Runts: 0,


MTU errors: 0,


Receive 


Enabled, Auto-negotiation: 


Hardware-Down SNMP-Traps Internal: 0x0 


8 maximum usable queues 


1w1d 22:57 ago)


0 bps 
0 bps 
0 pps 
0 pps 


L2 mismatch timeouts: 0, 


: 0, Collisions: 0,


smitted packets 

0 

0 

0 

0 

asses 

Transmit 
0 0 
0 0 
0 0 
0 0 


WOSOOs See OOa Sse 


Policed discards: 


1000mbps, 





Enabled, 


O1 


0, 


Aged packets: 0, 


Resource errors: 0 


Dropped packets 


0 


0 
0 
0 
Multicast packets
CRC/Align errors
FIFO errors
MAC control frames 
MAC pause frames 
Oversized frames 
Jabber frames 
Fragment frames 
VLAN tagged frames 
Code violations 
Filter statistics: 
Input packet count 
Input packet rejects 
Input DA rejects 
Input SA rejects 
Output packet count 
Output packet pad count 


Output packet error count 


CAM destination filters: 2, CAM source 


Autonegotiation information: 


Negotiation status: Incomplete 





Packet Forwarding Engine configuration: 


Destination slot: 0 
CoS information: 
Direction Output 


CoS transmit queue 





Limit 


oe 


0 best-effort 95
none 

3 network-control 5 
none 


Interface transmit statistics: 


ee. eS er S&S Se eS Se S&S 


Ser Se, oe & 


ier Iieeuess (0) 


Bandwidth 


oe 


bps 


950000000 95


50000000 5


Disabled 


Logical interface ge-0/0/1.0 (Index 71) 


(SNMP ifIndex 514) 





Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 


Traffic statistics:
Input bytes 
Output bytes 
Input packets: 
Output packets: 
Local statistics:
Input bytes 


Output bytes 


Cr ©) 2 ©) 


S) 


SO Onn a) 


Buffer Priority 


usec 
0 low 
0 low 


(Generation 136) 
Input packets: 0


2) 


Output packets: 
Transit statistics: 
Input bytes 
Output bytes 

Input packets: 


Se ae ee) 


Output packets: 


Security: Zone: public 





Flow Statistics 
Flow Input statistics 
Self packets 
ICMP packets 
VPN packets 
Multicast packets 
Bytes permitted by policy 
Connections established 
Flow Output statistics: 
Multicast packets 
Bytes permitted by policy 


Ss Se 3s) oe Se 


0 


Flow error statistics (Packets dropped due to): 


Address spoofing: 
Authentication failed: 
Incoming NAT errors: 


Invalid zone received packet: 





Multiple user authentications:
Multiple incoming NAT: 

No parent for a gate: 

No one interested in self packets: 
No minor session: 

No more sessions: 

No NAT gate:

No route present:

No SA for incoming SPI: 

No tunnel found: 

No session for a gate: 


No zone or NULL zone binding 





Policy denied: 
Security association not active: 
TCP sequence number out of window: 
Syn-attack protection: 
User authentication errors: 
Protocol inet, MTU: 1500, Generation: 
Flags: Sendbcast-pkt-to-re 


0 





er 7S er eS eae SS Se S&S SS oS aS oS aS Ss Ss SS) 


ESOT 


Route table: 





0 


0 bps 
0 bps 
0 pps 
0 pps 


Addresses, Flags: Dest-route-down Is-Preferred Is-Primary






Destination: 1.1.1/24, Local: 1.1.1.1, Broadcast: 1.1.1.255,


Generation: 150 


show interfaces terse 


user@host> show interfaces terse 


Interface Admin Link Proto Local Remote 

ge-0/0/0 up up 

ge-0/0/0.0 up up inet 10.209.4.61/18 

gr-0/0/0 up up 

ip-0/0/0 up up 

st0 up up

st0.1 up ready inet

ise OOK a0 up up 

Le=—0/ O/C up up 

mt-0/0/0 up up 

pd-0/0/0 up up 

pe-0/0/0 up up 

e3-1/0/0 up up 

t3-2/0/0 up up 

e1-3/0/0 up up 

se-4/0/0 up down 

cl —5/0/C up up 

br-6/0/0 up up 

des 6/0/40 up up 

Ges Gy 0/10iS 2y/-oi) up up 

lxe=6/ 0/0 8 IL down up 

le —6/ 0/0) 3 0 up down 

dl0 up up

dl0.0 up up inet

dsc up up 

gre up up 

ipip up up 

lo0 up up

lo0.16385 up up inet 10.0.0.1 --> 0/0
10.0.0.16 --> 0/0

igal up up 

mtun up up 

pimd up up 

pime up up 


pp0 up up




show interfaces terse (vSRX and vSRX 3.0) 


user@host> show interfaces terse 


Interface Admin Link Proto Local Remote 
ge-0/0/0 up up 

ge-0/0/0.0 up up inet 1.1.65.1/24

ge-0/0/1 up up 

ge-0/0/2 up up 

ge-0/0/3 up up

ge-0/0/4 up up 


show interfaces controller (Channelized E1 IQ with Logical E1) 


user@host> show interfaces controller ce1-1/2/6 


Controller Admin Link 
ce1-1/2/6 up up
e1-1/2/6 up up


show interfaces controller (Channelized E1 IQ with Logical DSO) 


user@host> show interfaces controller ce1-1/2/3 


Controller Admin Link 
ce1-1/2/3 up up
ds-1/2/3:1 up up
ds-1/2/3:2 up up


show interfaces descriptions 


user@host> show interfaces descriptions 


Interface Admin Link Description 
so-1/0/0 up up M20-3#1 

so-2/0/0 up up GSR-12#1 
ge-3/0/0 up up SMB-OSPF_Area300 
SOsoy/ 10 up up GSR-13#1 

Sosy ey/ell up up GSR-13#2 
ge-4/0/0 up up T320-7#1 
ge-5/0/0 up up T320-7#2 
so-7/1/0 up up M160-6#1
ge-8/0/0 up up T320-7#3 
ge-9/0/0 up up T320-7#4 
so-10/0/0 up up M160-6#2 
so-13/0/0 up up M20-3#2 
so-14/0/0 up up GSR-12#2 
ge-15/0/0 up up SMB-OSPF_Area100
ge-15/0/1 up up GSR-13#3 


show interfaces destination-class all 


user@host> show interfaces destination-class all 


Logical interface so-4/0/0.0 





Packets Bytes
Destination class (packet-per-second) (bits-per-second)
gold 0 0
( 0) ( 0)
silver 0 0
( 0) ( 0)
Logical interface so-0/1/3.0
Packets Bytes
Destination class (packet-per-second) (bits-per-second)
gold 0 0
( 0) ( 0)
silver 0 0
( 0) ( 0)


show interfaces diagnostics optics


user@host> show interfaces diagnostics optics ge-2/0/0


Physical interface: ge-2/0/0
Laser bias current : 7.408 mA
Laser output power Oso OOMmWin/ =“ e568 dBm 
Module temperature : 23 degrees C / 73 degrees F
Module voltage : 3.3450 V
Receiver signal average optical power : 0.0002 mW / -36.99 dBm
Laser bias current high alarm : Off
Laser bias current low alarm : Off
Laser bias current high warning : Off
Laser bias current low warning : Off
Laser output power high alarm : Off





Laser output power 


Laser output power 





Laser output power 











Module temperature
Module temperature
Module temperature
Module temperature
Module voltage hig
Module voltage low
Module voltage hig
Module voltage low


Laser rx power hig 
Laser rx power low 


Laser rx power hig 





Laser rx power low 
Laser bias current 
Laser bias current 
Laser bias current 
Laser bias current 
Laser output power 
Laser output power 


Laser output power 





Laser output power 











Module temperature
Module temperature
Module temperature
Module temperature
Module voltage hig
Module voltage low
Module voltage hig
Module voltage low


Laser rx power hig 
Laser rx power low 


Laser rx power hig 








Laser rx power low


low alarm 
high warning 
low warning 
high alarm 
low alarm 


high warning 





low warning 
h alarm 
alarm 

h warning 
warning 

h alarm 


alarm 





h warning 

warning 

high alarm threshold 
low alarm threshold 
high warning threshold 
low warning threshold 
high alarm threshold 
low alarm threshold 
high warning threshold 
low warning threshold 
high alarm threshold 


low alarm threshold 





high warning threshold 





low warning threshold 
h alarm threshold 
alarm threshold 

h warning threshold 
warning threshold 

h alarm threshold 


alarm threshold 





h warning threshold 


warning threshold 


show interfaces far-end-interval coc12-5/2/0 


Qube 
Osis 
Off 
Oiists 
QuEIE 
Qube 
Ohma 
Off 
Orisa 
@ieie 
Que 
QuEie 
On 

Orisa 
On 

cla 
Lo 
14. 
2610 
0 
0 
oS 
o@ 





0 
0 
0 
0 


95 degrees C / 203 degrees F 


000 mA 
OO mA 

000 mA 
OO mA 

310 mW 
670 mW 
310 mw 
790 mW 


/ =2.00 dBm 
f =i. 7a chek 
/ -2.00 dBm 
# =1i1.02 Glenn 








user@host> show interfaces far-end-interval coc12-5/2/0 


Physical interface: 
OSs 0 [eure mts 
aS=ihe i, SmS=e i, 











cocl2-5/2/0, SNMP ifIndex: 


UAS-L: 0 


25 degrees C / -13 degr 

90 degrees C / 194 degrees F 

20 degrees C / —4 degr 

36900 W 

Za OO maNy 

35 HOO W 

2 S00 W 

1.2590 mw / 1.00 dBm 

0.0100 mw / —20.00 dBm 

0.7940 mw / -1.00 dBm 

0.0158 mw / -18.01 dBm 
eal 
WSiglS—OSs S03


OSH 


04: 


04: 





04 

















ES-L 














BOW =O)4l ¢ 1L5) 8 





AS-L: 


AS-L: 


AS-L: 


AS-L: 


ig @ 
bg @ 
be @ 
ig @) 
ig 0) 





AS-L; 


show interfaces far-end-interval coc1-5/2/1:1 


user@host> run show interfaces far-end-interval coc1-5/2/1:1 


Physical interface: 
05:30-current 
ES-L 


05 


05 


04: 


04: 


04: 





04 


1, 


S 


ES-L 





BIL S—Wis 6 S103 


ES-L 


SE 





0, 


SOOO Ss 1L5 8 


























700-045: 


show interfaces filters 


Coc Sy 27/ seal 








AS-L 


AS-L 


AS-L 


AS-L 


AS=L 


AS-l 


























user@host> show interfaces filters 


Interface 
ge-0/0/0 
ge-0/0/0.0 


ge-5/0/0 
ge-5/0/0.0 


OU, ES—e* 





SNMP ifIndex: 


S128 


IS s 


nS=2 8 


nS 128 


InS\—12) 8 





IS\—12) 8 


Admin Link Proto Input Filter 


up 
up 


up 
up 


up 
up 


up 
up 


inet 


iso 


any 


inet 





342 

















Output Filter 


f-any 


Ean 
multiservice
gr-0/3/0 up up
ip-0/3/0 up up
mt-0/3/0 up up
pd-0/3/0 up up
pe-0/3/0 up up
vt-0/3/0 up up
at-1/0/0 up up
at-1/0/0.0 up up inet
iso
at-1/1/0 up down
at-1/1/0.0 up down inet
iso 


show interfaces flow-statistics (Gigabit Ethernet) 


user@host> show interfaces flow-statistics ge-0/0/1.0 


Logical interface ge-0/0/1.0 (Index 70) (SNMP ifIndex 49) 


pgm 
pim rip router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http 
https ike 
netconf ping rlogin rpm rsh snmp snmp-trap ssh telnet tracerout 
Se sises 
lsping 

















Flags: SNMP-Traps Encapsulation: ENET2 
IMU Oa Cecile smeseolnols 
Output packets: 83 


Security: Zone: zone2 


Allowed host-inbound traffic : bootp bfd bgp dns dvmrp 


Flow Statistics 


Flow Input statistics 


Self packets : 0 
ICMP packets : 0 
VPN packets : 2564 
Bytes permitted by policy : 3478 
Connections established : 1


Flow Output statistics:
Multicast packets : 0 
Bytes permitted by policy : 16994 


Flow error statistics (Packets dropped due to): 


Address spoofing: 0 
Authentication failed: 0 


ldp msdp nhrp ospf 





xnm-clear-text 






Incoming NAT errors: 





Invalid zone received packet: 
Multiple user authentications: 
Multiple incoming NAT: 

No parent for a gate: 


No one interested in self packets: 





No minor session: 

No more sessions: 

No NAT gate: 

No route present : 

No SA for incoming SPI: 
No tunnel found: 

No session for a gate: 


No zone or NULL zone binding 





Policy denied: 
Security association not active: 
TCP sequence number out of window: 


Syn-attack protection: 





er ee @ eo) Se 2 ere eo Se Se) Se ~~ Se Se je) eS 


User authentication errors: 
hace eK) oro Mums s a\—5 cea VM Oi oO) 0) 
Flags: None 





Addresses, Flags: Is-Preferred Is-Primary
Destination: 203.0.113.1/24, Local: 203.0.113.2, Broadcast: 2.2.2.255


show interfaces interval (Channelized OC12) 


user@host> show interfaces interval t3-0/3/0:0 


Physical interface: t3-0/3/0:0, SNMP ifIndex: 23


i aoc hrolb hasal—yoqou 










































































Beye eo 0 Ce 0 Cea Ue eee ee oe 0, eo Ue CO Oe ty, 
SEFS: 0, UAS: 0

17:28-17:43:
LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0,
SEFS: 0, UAS: 0

17:13-17:28:
LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0,
SEFS: 0, UAS: 0

16:58-17:13:
LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0,
SEFS: 0, UAS: 0

16:43-16:58:
LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0,
















Interval Total: 





























































































































LCV: 230, PCV: 1145859, CCV: 455470, LES: 0, 
CES: 230, CSES: 230, SEFS: 230, UAS: 238 


show interfaces interval (E3)


user@host> show interfaces interval e3-0/3/0


Physical interface: e3-0/3/0, SNMP ifIndex: 23
17:43-current:
LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES:
SEFS: 0, UAS: 0
17:28-17:43:
LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES:
SEFS: 0, UAS:
17:13-17:28:
LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES:
SEFS: 0, UAS: 0
16:58-17:13:
LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES:
SEFS: 0, UAS: 0
16:43-16:58:
LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES:
Interval Total:
LCV: 230, PCV: 1145859, CCV: 455470, LES: 0,
CES: 230, CSES: 230, SEFS: 230, UAS: 238


show interfaces interval (SONET/SDH) (SRX devices)


user@host> show interfaces interval so-0/1/0


Physical interface: so-0/1/0, SNMP ifIndex: 19
20:02-current:
ES-S: 0, SES-S: 0, SEFS-S: 0, ES-L: 0, SES-L:
SES-P: 0, UAS-P: 0
19:47-20:02:
ES-S: 267, SES-S: 267, SEFS-S: 267, ES-L: 267
ES-P: 267, SES-P: 267, UAS-P: 267
19:32-19:47:
ES-S: 56, SES-S: 56, SEFS-S: 56, ES-L: 56, SE
SES-P: 56, UAS-P: 46








9) 
El 
n 





‘U 
El 
n 





0, 





ZOOr 


Q 
tA 
n 





Q 
tA 
n 





Q 
tA 
n 





Q 
tA 
n 








Q 
tA 
n 


ZSOF 


WAS Sin: 


























PSH SiS Oly 
0, CSES: 0, 
0, CSES: 0, 
0, CSES: 0, 
0, CSES: 0, 
0, CSES: 0, 

PSaSe 230, 

0, ES-P 
267, UAS-L: 
UAS-L: 46, 


ie] 





26, 


56, 
19:17-19:32:

ES-S: 0, SES-S: 0, SEFS-S: 0, ES-L: 0, SES-L: 0, UAS-L: 0,
SES-P: 0, UAS-P:

19:02-19:17:























show interfaces load-balancing (SRX devices) 


user@host> show interfaces load-balancing 


Interface State Last change Member count 
ams 0 Up OOO Z 
ams1 Up 00:00:59 2 


show interfaces load-balancing detail (SRX devices) 


user@host> show interfaces load-balancing detail


Load-balancing interfaces detail 


Interface : ams0

State : Up

Last change mec OOhroplt 

Member count : 2

Members 
Interface Weight State 
mams-2/0/0 10 Active
mams-2/1/0 10 Active


show interfaces mac-database (All MAC Addresses on a Port SRX devices) 


user@host> show interfaces mac-database xe-0/3/3 





Physical interface: xe-0/3/3, Enabled, Physical link is Up 
Interface index: 372, SNMP ifIndex: 788 
Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Speed: 











None, Source filtering: Disabled, Flow control: Enabled 
Device flags : Present Running 


Interface flags: SNMP-Traps Internal: 0x4000 





Link flags : None 





10Gbps, 


Loopback: 
Logical interface xe-0/3/3.0


Flags: 


00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 


00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
00: 
Number of MAC addresses 


OWs 
GOR 
(ol0}e 
Gok 
COR 
ee 
COR 
Ge 
Gok 
Cor 
Ok 
ees 
Ge 
Gide 
Gor 
Gis e 
Ges 
eee 
Ges 
Gor 
Gor 


SNMP-Traps 0x4004000 
MAC address 


00:00:00 
Oz 
E10} 
204 
FOS; 
206 
gO? 
208 
Oo) 
:0a 
:0b 
sO 
OS) 
204 
EOS 
1:06 
gO? 
208 
EOS) 
:0a 
ZL Elo 


S) 
{(S) 


So GC ec Se S&S oS S| ec ec ec & S&S oS Sc cS ce oS & 








aS oe So a oe oc 2a S&S S& oe oc ae 2 Ss S&S oS S&S 


WOA SEAL 
PUZSe2 
OZ Sion 
TOA SEAL 
WOABSL 
VOA SEAL 





(Index 364) 





Input frames 


1 
0 
0 
0 
0 
0 


0 


7023809 
7023809 
7023809 
7023809 
30424784 
30424784 
30424716 
30424789 
30424788 
30424783 
30424783 
8836796 
30424712 
30424715 








alk 


Encapsulation: 








ENET2 








Input bytes 


56 

S250 957160 

323095260 

8260957160 

323095260 

323095260 

323095260 

JASOOSZ 1A 

826109 524 

SAO 2 1A 

323095214 

1399540064 
1399540064 
LIES SOISS 
1399540294 
1399540248 
1399540018 
1399540018 
406492616 

LSID S9 1D 
1399536890 





(SNMP ifIndex 829) 


Output frames 


3744 
3744 
3744 
3744 
3744 
3744 
3744 


Qa oS oS & @& & © 2 © Ss 


8598 
8598 
8523 
8598 
8597 
Sao) T 
8596 


8836795 


3744 





3744 


O41 
8523 


show interfaces mac-database (All MAC Addresses on a Service SRX devices) 


user@host> show interfaces mac-database xe-0/3/3 


Logical interface xe-0/3/3.0 (Index 364) (SNMP ifIndex 829)
  Flags: SNMP-Traps 0x4004000 Encapsulation: ENET2
  MAC address        Input frames    Input bytes  Output frames   Output bytes
WO SOWZeOs Wl gwileOls 7023809 SA SOS 214! 
WO SOO sess Gil sO soz 31016568 1426762128 
WOR OORIC St Ones Ons 0S 31016568 1426762128 
00:00:c8:01:01:04 31016499 1426758954 
VOROVZee sO gO sos ALO LSS) 7s) 1426762358 
WO SOWZeSs Ol sOLEOe SlOMooS 1426762358 
WO ROWgee EO sWilEO7 31016567 1426762082 
WO OOR Se: OnesOnes Ors 31016567 1426762082 
WO SOOSeS eG sot sos) 9428580 433714680 
00:00:c8:01:01:0a 31016496 1426758816 
WO ROWZe8s Wil sWILEOls 31016498 1426758908 














show interfaces mac-database mac-address (SRX devices)


user@host> show interfaces mac-database xe-0/3/3 mac-address 00:00:c8:01:01:09


Physical interface: xe-0/3/3, Enabled, Physical link is Up
  Interface index: 372, SNMP ifIndex: 788
  Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Speed: 10Gbps, Loopback:
  None, Source filtering: Disabled, Flow control: Enabled
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Link flags     : None
  Logical interface xe-0/3/3.0 (Index 364) (SNMP ifIndex 829)
    Flags: SNMP-Traps 0x4004000 Encapsulation: ENET2
    MAC address: 00:00:c8:01:01:09, Type: Configured,
        Input bytes   : AOZ 3246052
        Output bytes  : 202324560
        Input frames  : ASN Sie
        Output frames : 4398360
    Policer statistics:
    Policer type          Discarded frames    Discarded bytes
    Output aggregate      89923316            183649756


show interfaces mc-ae (SRX devices)


user@host> show interfaces mc-ae ae0 unit 512


Member Links             : ae0
Local Status             : active
Peer Status              : active
Logical Interface        : ae0.512
Core Facing Interface    : Label Ethernet Interface
ICL-PL                   : Label Ethernet Interface







show interfaces media (SONET/SDH) 


The following example displays the output fields unique to the show interfaces media command for a 
SONET interface (with no level of output specified): 


user@host> show interfaces media so-4/1/2 





Physical interface: so-4/1/2, Enabled, Physical link is Up
  imtertaces index: 63) se oNMP ante cextse 495
  Link-level type: PPP, MTU: 4474, Clocking: Internal, SONET mode, Speed: OC48,
  Loopback: None, FCS: 16, Payload scrambler: Enabled
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps 16384
  Link flags     : Keepalives
  Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
  Keepalive: Input: 1783 (00:00:00 ago), Output: 1786 (00:00:08 ago)
  LCP state: Opened
  NCP state: inet: Not-configured, inet6: Not-configured, iso: Not-configured,
  mpls: Not-configured
  CHAP state: Not-configured
  CoS queues     : 8 supported
  Last flapped 8 ZAWOS=-OGO—LS I2givehs wpm (@4e sie 2s exo)
  Input rate     : 0 bps (0 pps)
  Output rate    : 0 bps (0 pps)
  SONET alarms   : None
  SONET defects  : None
  SONET errors:
    BIP-B1: 121, BIP-B2: 916, REI-L: 0, BIP-B3: 137, REI-P: 16747, BIP-BIP2: 0
  Received path trace: routerb so-1/1/2
  Transmitted path trace: routera so-4/1/2


show interfaces policers (SRX devices) 


user@host> show interfaces policers 


Interface       Admin Link Proto Input Policer         Output Policer
ge-0/0/0        up    up
ge-0/0/0.0      up    up   inet
                           iso
gr-0/3/0        up    up
ip-0/3/0        up    up
mt-0/3/0        up    up
pd-0/3/0        up    up
pe-0/3/0        up    up
so-2/0/0        up    up
so-2/0/0.0      up    up   inet  so-2/0/0.0-in-policer so-2/0/0.0-out-policer
                           iso
so-2/1/0        up    down


show interfaces policers interface-name (SRX devices) 


user@host> show interfaces policers so-2/1/0 





Interface       Admin Link Proto Input Policer         Output Policer
so-2/1/0        up    down
so-2/1/0.0      up    down inet  so-2/1/0.0-in-policer so-2/1/0.0-out-policer
                           iso
                           inet6


show interfaces queue (SRX devices) 


The following truncated example shows the CoS queue sizes for queues 0, 1, and 3. Queue 1 has a queue
buffer size (guaranteed allocated memory) of 9192 bytes.


user@host> show interfaces queue 





Physical interface: ge-0/0/0, Enabled, Physical link is Up 


Interface index: 134, SNMP ifIndex: 509 


Forwarding classes: 8 supported, 8 in use 





Egress queues: 8 supported, 8 in use 
Queue: 0, Forwarding classes: class0 
Queued: 

Packets 

Byres 
Transmitted: 

Packets 

Bytes 





Tail-dropped packets 





RL-dropped packets 





SS 2 2 <4 


PPS 


0 bps 





a ea 


Pps 
bps 
Pps 
Pps 
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vs) 


L-dropped bytes 





Ge) 


ED-dropped packets 





Low 

edium-low 
edium-high 

High 
RED-dropped bytes 





Low 
edium-low 


edium-high 





High 
Queue Buffer Usag 





Reserved buffer 
Queue-depth bytes 


Current 


Queue: 1, Forwarding classes: 


Queue Buffer Usag 





Reserved buffer 
Queue-depth bytes 


Current 


Queue: 3, Forwarding classes: 


Queued: 


Queue Buffer Usag 





Reserved buffer 
Queue-depth bytes 


Current 


classl 


class3 


show interfaces redundancy (SRX devices) 


user@host> show interfaces redundancy 


Interface State 


rsp0 Not present 


Last change 


rspl On secondary 1d 23:56 


SS (SS SSS SS aS SE 


118750000 bytes 





9192 bytes 


6250000 bytes 


0 
Primary Secondary 
so-1/0/ 0 sp-0/2/0 
spo 1/2/0 sp-0/3/0 


bps 
pps 
pps 
pps 
pps 
pps 
bps 
bps 
bps 
bps 


er jer je, jer Se jer 2) je. eo je Se 





bps 


Current status 
both down 


primary down 




rsp2 On primary 


rlsq0 


On primary 


LO Oe 27 
00:06:24 


Spa so 
lsse-O0/ 3/0 


sp-0/2/0 


show interfaces redundancy (Aggregated Ethernet SRX devices) 


user@host> show interfaces redundancy 


IMmEGIEACS Seas 
rlsq0 
ae0d 
ael 
ae2 
aes 


ae4 


On secondary 


Secondary 
1lsq-3/0/0 


Last change Primary 
OOsS6cilzZ 1lsq-4/0/0 


show interfaces redundancy detail (SRX devices) 


user@host> show interfaces redundancy detail 


Interface 
State 
Last change 
Primary 
Secondary 
CUBES niEmstcletis 


Mode 


Interface 
State 


Last change 





Primary 
Secondary 
Culsaomemsimciets 


Mode 


rlsqo0 

On primary 
00:45:47 
Ise H0/2/C 
LScgel/2y/e 
both up 
hot-standby 


rlsq0:0 

On primary 
00:45:46 
Esq=0i/ 2/0/20 
IiseHl/2/0sC 
both up 


warm-standby 


show interfaces routing brief (SRX devices) 


user@host> show interfaces routing brief 


Interface 
soO-5/0/ S.C 
sO=-5/0/2 0.0 


Down ISO 
Up 


State Addresses 


enabled 
MPLS enabled 


secondary down 


ISG-1/0/0 Isxeielr wis 


Current status 


both up 




ES © enabled 
INE 192 168.2. 120 
INE enabled 
SO oy 10/0) Up MPLS enabled 
I 
I 
ne 











SO enabled 
NE UO MGS. 2 o LO 
NE enabled 

















at-1/0/0.3 Up GEE enabled 
ge /0/0 2 Up CEE enabled 
at-1/0/0.0 Up Iso enabled 





INE 192. 168. 90, 10 
INET enabled 
100.0 Up HES) AVPAUO Oreo Otero OOF OO OOP O MOS en 0 OO eso AsieG S0ORro Oodle 010) 
TSO enabled 
INE 127 60.0.1 














igo OW Up 











£xp0.0 Up IN LY) 5 LOS 5 5 SO) 


E 


show interfaces routing detail (SRX devices) 


user@host> show interfaces routing detail 


so-5/0/3.0
  Index: 15, Refcount: 2, State: Up <Broadcast PointToPoint Multicast> Change:<>
  Metric: 0, Up/down transitions: 0, Full-duplex
  Link layer: HDLC serial line Encapsulation: PPP Bandwidth: 155Mbps
  ISO address (null)
    State: <Broadcast PointToPoint Multicast> Change: <>
    Preference: 0 (120 down), Metric: 0, MTU: 4470 bytes
so-5/0/2.0
  Index: 14, Refcount: 7, State: <Up Broadcast PointToPoint Multicast> Change:<>
  Metric: 0, Up/down transitions: 0, Full-duplex
  Link layer: HDLC serial line Encapsulation: PPP Bandwidth: 155Mbps
  MPLS address (null)
    State: <Up Broadcast PointToPoint Multicast> Change: <>
    Preference: 0 (120 down), Metric: 0, MTU: 4458 bytes
  ISO address (null)
    State: <Up Broadcast PointToPoint Multicast> Change: <>
    Preference: 0 (120 down), Metric: 0, MTU: 4470 bytes
  INET address 192.168.2.120
    State: <Up Broadcast PointToPoint Multicast Localup> Change: <>
    Preference: 0 (120 down), Metric: 0, MTU: 4470 bytes
    Local address: 192.168.2.120
    Destination: 192.168.2.110/32
  INET address (null)
    State: <Up Broadcast PointToPoint Multicast> Change: <>
    Preference: 0 (120 down), Metric: 0, MTU: 4470 bytes


show interfaces routing-instance all (SRX devices) 


user@host> show interfaces terse routing-instance all 


Interface        Admin Link Proto Local                 Remote   Instance
at-0/0/1         up    up   inet  10.0.0.1/24
ge-0/0/0.0       up    up   inet  192.168.4.28/24                sample-a
ae-0/1/0.0       up    up   inet6 fe80::a:0:0:4/64               sample-b
so-0/0/0.0       up    up   inet  10.0.0.1/32


show interfaces snmp-index (SRX devices) 


user@host> show interfaces snmp-index 33 





Physical interface: so-2/1/1, Enabled, Physical link is Down
  Interface index: 149, SNMP ifIndex: 33
  Link-level type: PPP, MTU: 4474, Clocking: Internal, SONET mode, Speed: OC48,
  Loopback: None, FCS: 16, Payload scrambler: Enabled
  Device flags   : Present Running Down
  Interface flags: Hardware-Down Point-To-Point SNMP-Traps 16384
  Link flags     : Keepalives
  CoS queues     : 8 supported
  Last flapped § AVWOS-OG—15 Wig4seh7 www (WSssSets exo)
  Input rate     : 0 bps (0 pps)
  Output rate    : 0 bps (0 pps)
  SONET alarms   : LOL, PLL, LOS
  SONET defects  : LOL, PLL, LOF, LOS, SEF, AIS-L, AIS-P





























show interfaces source-class all (SRX devices) 


user@host> show interfaces source-class all 


Logical interface so-0/1/0.0
                          Packets                Bytes
Source class              (packet-per-second)    (bits-per-second)
gold                      L9Y23095               LGUDSINO
                          ( 889)                 ( aITVS2Z))
bronze                    0                      0
                          ( 0)                   ( 0)
silver                    0                      0
                          ( 0)                   ( 0)
Logical interface so-0/1/3.0
                          Packets                Bytes
Source class              (packet-per-second)    (bits-per-second)
gold                      0                      0
                          ( 0)                   ( 0)
bronze                    0                      0
                          ( 0)                   ( 0)
silver                    TLL                    9753492
                          ( BIe))                ( 631616)


show interfaces statistics (Fast Ethernet SRX devices) 
user@host> show interfaces fe-1/3/1 statistics 
Physical interface: fe-1/3/1, Enabled, Physical link is Up
  Interface index: 144, SNMP ifIndex: 1042
  DES Cima e hon me rotcumac ly Ay/al:
  Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Enabled
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  CoS queues     : 4 supported, 4 maximum usable queues
  Current address: 00:90:69:93:04:dc, Hardware address: 00:90:69:93:04:dc
  Last flapped ZAOQOG-O4—=1Ls OSeOsss9 Wow (OOs@ile 24 rex)
  Statistics last cleared: Never
  Input rate     : 0 bps (0 pps)
  Output rate    : 0 bps (0 pps)
  Input errors: 0, Output errors: 0
  Active alarms  : None
  Active defects : None
  Logical interface fe-1/3/1.0 (Index 69) (SNMP ifIndex 50)
    Flags: SNMP-Traps Encapsulation: ENET2
    Protocol inet, MTU: 1500
    WIAGSs LS-Piclwemy, WOW, Sew
                          Packets                Bytes
    Destination class     (packet-per-second)    (bits-per-second)
    silver1               0                      0
                          ( 0)                   ( 0)
    silver2               0                      0
                          ( 0)                   ( 0)
    silver3               0                      0
                          ( 0)                   ( 0)
    Addresses, Flags: Is-Default Is-Preferred Is-Primary
      Destination: 10.27.245/24, Local: 10.27.245.2,
      Broadcast: 10.27.245.255
    Protocol iso, MTU: 1497
      Flags: Is-Primary


show interfaces switch-port (SRX devices) 


user@host# show interfaces ge-slot/0/0 switch-port port-number 


Port 0, Physical link is Up
  Speed: 100mbps, Auto-negotiation: Enabled
  Statistics:                 Receive      Transmit
  Total bytes                 28437086     20792250
  Total packets               409145       88008
  Unicast packets             9987         S387
  Multicast packets           145002       0
  Broadcast packets           ZEAL)        4191
  Multiple collisions         23           10
  FIFO/CRC/Align errors       0            0
  MAC pause frames            0
  Oversized frames
  Runt frames
  Jabber frames
  Fragment frames
  Discarded frames
  Autonegotiation information:
    Negotiation status: Complete
    Link partner:
      Link mode: Full-duplex, Flow control: None, Remote fault: OK, Link
      partner Speed: 100 Mbps
    Local resolution:
      Flow control: None, Remote fault: Link OK


show interfaces transport pm (SRX devices) 


user@host> show interfaces transport pm all current et-0/1/0 


Physical interface: et-0/1/0, SNMP ifIndex 515 





14:45-current Elapse time:900 Seconds 


Near End       Suspect Flag:False      Reason:None
PM             COUNT    THRESHOLD    TCA-ENABLED    TCA-RAISED
OTU-BBE        0        800          No             No
OTU-ES         0        135          No             No
OTU-SES        0        90           No             No
OTU-UAS        427      90           No             No
Far End        Suspect Flag:True       Reason:Unknown
PM             COUNT    THRESHOLD    TCA-ENABLED    TCA-RAISED
OTU-BBE        0        800          No             No
OTU-ES         0        135          No             No
OTU-SES        0        90           No             No
OTU-UAS        0        90           No             No
Near End       Suspect Flag:False      Reason:None
PM             COUNT    THRESHOLD    TCA-ENABLED    TCA-RAISED
ODU-BBE        0        800          No             No
ODU-ES         0        135          No             No
ODU-SES        0        90           No             No
ODU-UAS        427      90           No             No
Far End        Suspect Flag:True       Reason:Unknown
PM             COUNT    THRESHOLD    TCA-ENABLED    TCA-RAISED
ODU-BBE        0        800          No             No
ODU-ES         0        135          No             No
ODU-SES        0        90           No             No
ODU-UAS        0        90           No             No
FEC            Suspect Flag:False      Reason:None
PM                      COUNT         THRESHOLD    TCA-ENABLED    TCA-RAISED
FEC-CorrectedErr        2008544300    0            NA             NA
FEC-UncorrectedWords    0             0            NA             NA
BER            Suspect Flag:False      Reason:None
PM             MIN       MAX            AVG       THRESHOLD    TCA-ENABLED    TCA-RAISED
BER            3.6e-5    BimitsKeee)    3.6e-5    10.0e-3      No             Yes
Physical interface: et-0/1/0, SNMP ifIndex 515
14:45-current
Suspect Flag:True Reason:Object Disabled
PM CURRENT MIN MAX AVG THRESHOLD TCA-ENABLED TCA-RAISED
                       (MIN) (MAX) (MIN) (MAX) (MIN) (MAX)
Lane chromatic dispersion


0 NA NA NA 





Lane differential group delay 


0 NA NA NA 
q Value 
0 NA NA NA 
SNR 
0 NA NA NA 


Tx output power (0.01dBm) 
-100 No fo) No 
Rx input power (0.01dBm) 
S100) fe) fe) No 
Module temperature (Celsius) 





YS No No No 
Tx laser bias current (0.1mA) 
0 NA NA NA 
Rx laser bias current (0.1mA) 
0 A A NA 
Carrier frequency offset (MHz) 


5000 No ° No 














show security zones (SRX devices)


user@host> show security zones


Functional zone: management
  Description: This is the management zone.
  Policy configurable: No
  Interfaces bound: 1
  Interfaces:
    ge-0/0/0.0
Security zone: Host
  Description: This is the host zone.
  Send reset for non-SYN session TCP packets: Off
  Policy configurable: Yes
  Interfaces bound: 1
  Interfaces:
    fxp0.0
Security zone: abc
  Description: This is the abc zone.
  Send reset for non-SYN session TCP packets: Off
  Policy configurable: Yes
  Interfaces bound: 1
  Interfaces:


| show interfaces diagnostics optics


Syntax


show interfaces diagnostics optics interface-name


Release Information
Command introduced in Junos OS Release 10.1.


Description

Display diagnostics data and alarms for Gigabit Ethernet optical transceivers (SFP) installed in SRX Series
Services Gateways. The information provided by this command is known as digital optical monitoring
(DOM) information.


Thresholds that trigger a high alarm, low alarm, high warning, or low warning are set by the transponder
vendors. Generally, a high alarm or low alarm indicates that the optics module is not operating properly.
This information can be used to diagnose why a transceiver is not working.


NOTE: In a chassis cluster, the show interfaces diagnostics optics command works only on the
node that is primary in redundancy group 0 (RG0).


Options
interface-name—Name of the interface associated with the port in which the transceiver is installed:
ge-fpc/pic/port.


Required Privilege Level
view


RELATED DOCUMENTATION

List of Sample Output
show interfaces diagnostics optics on page 945


Output Fields


Table 60 on page 942 lists the output fields for the show interfaces diagnostics optics command. Output
fields are listed in the general order in which they appear.

Table 60: show interfaces diagnostics optics Output Fields

Field Name | Field Description
Physical interface | Displays the name of the physical interface.
Laser bias current | Displays the magnitude of the laser bias power setting current, in milliamperes. The laser bias provides direct modulation of laser diodes and modulates currents.
Laser output power | Displays the laser output power, in milliwatts (mW) and decibels referred to 1.0 mW (dBm).
Module temperature | Displays the temperature, in Celsius and Fahrenheit.
Module voltage | Displays the voltage, in Volts.
Receiver signal average optical power | Displays the receiver signal average optical power, in milliwatts (mW) and decibels referred to 1.0 mW (dBm).
Laser bias current high alarm | Displays whether the laser bias power setting high alarm is On or Off.
Laser bias current low alarm | Displays whether the laser bias power setting low alarm is On or Off.
Laser bias current high warning | Displays whether the laser bias power setting high warning is On or Off.
Laser bias current low warning | Displays whether the laser bias power setting low warning is On or Off.
Laser output power high alarm | Displays whether the laser output power high alarm is On or Off.
Laser output power low alarm | Displays whether the laser output power low alarm is On or Off.
Laser output power high warning | Displays whether the laser output power high warning is On or Off.
Laser output power low warning | Displays whether the laser output power low warning is On or Off.
Module temperature high alarm | Displays whether the module temperature high alarm is On or Off.
Module temperature low alarm | Displays whether the module temperature low alarm is On or Off.
Module temperature high warning | Displays whether the module temperature high warning is On or Off.
Module temperature low warning | Displays whether the module temperature low warning is On or Off.
Module voltage high alarm | Displays whether the module voltage high alarm is On or Off.
Module voltage low alarm | Displays whether the module voltage low alarm is On or Off.
Module voltage high warning | Displays whether the module voltage high warning is On or Off.
Module voltage low warning | Displays whether the module voltage low warning is On or Off.
Laser rx power high alarm | Displays whether the receive laser power high alarm is On or Off.
Laser rx power low alarm | Displays whether the receive laser power low alarm is On or Off.
Laser rx power high warning | Displays whether the receive laser power high warning is On or Off.
Laser rx power low warning | Displays whether the receive laser power low warning is On or Off.
Laser bias current high alarm threshold | Displays the vendor-specified threshold for the laser bias current high alarm.
Laser bias current low alarm threshold | Displays the vendor-specified threshold for the laser bias current low alarm.
Laser bias current high warning threshold | Displays the vendor-specified threshold for the laser bias current high warning.
Laser bias current low warning threshold | Displays the vendor-specified threshold for the laser bias current low warning.
Laser output power high alarm threshold | Displays the vendor-specified threshold for the laser output power high alarm.
Laser output power low alarm threshold | Displays the vendor-specified threshold for the laser output power low alarm.
Laser output power high warning threshold | Displays the vendor-specified threshold for the laser output power high warning.
Laser output power low warning threshold | Displays the vendor-specified threshold for the laser output power low warning.
Module temperature high alarm threshold | Displays the vendor-specified threshold for the module temperature high alarm.
Module temperature low alarm threshold | Displays the vendor-specified threshold for the module temperature low alarm.
Module temperature high warning threshold | Displays the vendor-specified threshold for the module temperature high warning.
Module temperature low warning threshold | Displays the vendor-specified threshold for the module temperature low warning.
Module voltage high alarm threshold | Displays the vendor-specified threshold for the module voltage high alarm.
Module voltage low alarm threshold | Displays the vendor-specified threshold for the module voltage low alarm.
Module voltage high warning threshold | Displays the vendor-specified threshold for the module voltage high warning.
Module voltage low warning threshold | Displays the vendor-specified threshold for the module voltage low warning.
Laser rx power high alarm threshold | Displays the vendor-specified threshold for the laser rx power high alarm.
Laser rx power low alarm threshold | Displays the vendor-specified threshold for the laser rx power low alarm.
Laser rx power high warning threshold | Displays the vendor-specified threshold for the laser rx power high warning.
Laser rx power low warning threshold | Displays the vendor-specified threshold for the laser rx power low warning.

| Sample Output


show interfaces diagnostics optics


user@host> show interfaces diagnostics optics ge-2/0/0


Physical interface: ge-2/0/0
    Laser bias current                        : 7.408 mA
    Laser output power OS OO OMmWit/ “er oicmaEm
    Module temperature                        : 23 degrees C / 73 degrees F
    Module voltage S So Sa) WwW
    Receiver signal average optical power     : 0.0002 mW / -36.99 dBm
    Laser bias current high alarm             : Off
    Laser bias current low alarm              : Off
    Laser bias current high warning           : Off
    Laser bias current low warning            : Off
    Laser output power high alarm             : Off
    Laser output power low alarm              : Off
    Laser output power high warning           : Off
    Laser output power low warning            : Off
    Module temperature high alarm             : Off
    Module temperature low alarm              : Off
    Module temperature high warning           : Off
    Module temperature low warning            : Off
    Module voltage high alarm                 : Off
    Module voltage low alarm                  : Off
    Module voltage high warning               : Off
    Module voltage low warning                : Off
    Laser rx power high alarm                 : Off
    Laser rx power low alarm                  : On
    Laser rx power high warning               : Off
    Laser rx power low warning                : On
    Laser bias current high alarm threshold   : 17.000 mA
    Laser bias current low alarm threshold    : 1.000 mA
    Laser bias current high warning threshold : 14.000 mA
    Laser bias current low warning threshold  : 2.000 mA
    Laser output power high alarm threshold   : 0.6310 mW / -2.00 dBm
    Laser output power low alarm threshold    : 0.0670 mW / -11.74 dBm
    Laser output power high warning threshold : 0.6310 mW / -2.00 dBm
    Laser output power low warning threshold  : 0.0790 mW / -11.02 dBm
    Module temperature high alarm threshold   : 95 degrees C / 203 degrees F
    Module temperature low alarm threshold    : -25 degrees C / -13 degrees F
    Module temperature high warning threshold : 90 degrees C / 194 degrees F
    Module temperature low warning threshold  : -20 degrees C / -4 degrees F
    Module voltage high alarm threshold       : 3.900 V
    Module voltage low alarm threshold        : .700 V
    Module voltage high warning threshold     : .700 V
    Module voltage low warning threshold      : OO Mavs
    Laser rx power high alarm threshold       : 1.2590 mW / 1.00 dBm
    Laser rx power low alarm threshold        : 0.0100 mW / -20.00 dBm
    Laser rx power high warning threshold     : 0.7940 mW / -1.00 dBm
    Laser rx power low warning threshold      : 0.0158 mW / -18.01 dBm


| show interfaces flow-statistics


Syntax


show interfaces flow-statistics <interface-name>


Release Information
Command introduced in Junos OS Release 9.2.


Description


Display interfaces flow statistics.


Options

interface-name—(Optional) Display flow statistics about the specified interface. Following is a list of typical
interface names. Replace pim with the PIM slot and port with the port number. For a complete list, see the
“Interface Naming Conventions” on page 35.


• at-pim/0/port—ATM-over-ADSL or ATM-over-SHDSL interface.
• br-pim/0/port—Basic Rate Interface for establishing ISDN connections.
• ce1-pim/0/port—Channelized E1 interface.
• ct1-pim/0/port—Channelized T1 interface.
• dl0—Dialer Interface for initiating ISDN and USB modem connections.
• e1-pim/0/port—E1 interface.
• e3-pim/0/port—E3 interface.
• fe-pim/0/port—Fast Ethernet interface.
• ge-pim/0/port—Gigabit Ethernet interface.
• se-pim/0/port—Serial interface.
• t1-pim/0/port—T1 (also called DS1) interface.
• t3-pim/0/port—T3 (also called DS3) interface.
• wx-slot/0/0—WAN acceleration interface, for the WXC Integrated Services Module (ISM 200).


Required Privilege Level


view


RELATED DOCUMENTATION


Understanding Traffic Processing on Security Devices


List of Sample Output


show interfaces flow-statistics (Gigabit Ethernet) on page 951


Output Fields


Table 61 on page 948 lists the output fields for the show interfaces flow-statistics command. Output fields
are listed in the approximate order in which they appear.


Table 61: show interfaces flow-statistics Output Fields

Field Name | Field Description
Traffic statistics | Number of packets and bytes transmitted and received on the physical interface.
Local statistics | Number of packets and bytes transmitted and received on the physical interface.
Transit statistics | Number of packets and bytes transiting the physical interface.
Flow input statistics | Statistics on packets received by flow module.
Flow output statistics | Statistics on packets sent by flow module.
Flow error statistics | Packet drop statistics for the flow module. For further details, see Table 62 on page 948.


Table 62: Flow Error Statistics (Packet Drop Statistics for the Flow Module)

Error | Error Description

Screen:
Address spoofing | The packet was dropped when the screen module detected address spoofing.
Syn-attack protection | The packet was dropped because of SYN attack protection or SYN cookie protection.

VPN:
Authentication failed | The packet was dropped because the IPsec Encapsulating Security Payload (ESP) or Authentication Header (AH) authentication failed.
No SA for incoming SPI | The packet was dropped because the incoming IPsec packet's security parameter index (SPI) does not match any known SPI.
Security association not active | The packet was dropped because an IPsec packet was received for an inactive SA.

NAT:
Incoming NAT errors | The source NAT rule search failed, an invalid source NAT binding was found, or the NAT allocation failed.
Multiple incoming NAT | Sometimes packets are looped through the system more than once; if source NAT is specified more than once, the packet will be dropped.

Auth:
Multiple user authentications | Sometimes packets are looped through the system more than once. Each time a packet passes through the system, that packet must be permitted by a policy. If the packet matches more than one policy that specifies user authentication, then it will be dropped.
User authentication errors | Packet was dropped because policy requires authentication; however:
  • Only Telnet, FTP, and HTTP traffic can be authenticated.
  • The corresponding authentication entry could not be found, if web-auth is specified.
  • The maximum number of authenticated sessions per user was exceeded.

Flow:
No one interested in self packets | This counter is incremented for one of the following reasons:
  • The outbound interface is a self interface, but the packet is not marked as a to-self packet and the destination address is in a source NAT pool.
  • No service is interested in the to-self packet.
  • When a zone has ident-reset service enabled, the TCP RST to IDENT request for port 113 is sent back and this counter is incremented.
No minor session | The packet was dropped because no minor sessions are available and a minor session was requested. Minor sessions are allocated for storing additional TCP state information.
No more sessions | The packet was dropped because there were no more free sessions available.
No route present | The packet was dropped because a valid route was not available to forward the packet.
  For new sessions, the counter is incremented for one of the following reasons:
  • No valid route was found to forward the packet.
  • A discard or reject route was found.
  • The route could not be added due to lack of memory.
  • The reverse path forwarding check failed for an incoming multicast packet.
  For existing sessions, the prior route was changed or deleted, or a more specific route was added. The session is rerouted, and this reroute could fail because:
  • A new route could not be found; either the previous route was removed, or the route was changed to discard or reject.
  • Multiple packets may concurrently force rerouting to occur, and only one packet can successfully complete the rerouting process. Other packets will be dropped.
  • The route table was locked for updates by the Routing Engine. Packets that match a new session are retried, whereas packets that match an existing session are not.
No tunnel found | The packet was dropped because a valid tunnel could not be found.
No session for a gate | This counter is incremented when a packet is destined for an ALG, and the ALG decides to drop this packet.
No zone or NULL zone binding | The packet was dropped because its incoming interface was not bound to any zone.
Policy denied | The error counter is incremented for one of the following reasons:
  • Source and/or destination NAT has occurred and policy says to drop the packet.
  • Policy specifies user authentication, which failed.
  • Policy was configured to deny this packet.
TCP sequence number out of window | A received TCP packet failed the TCP sequence number check.

Counters Not Currently in Use
No parent for a gate
Invalid zone received packet
No NAT gate
| Sample Output


show interfaces flow-statistics (Gigabit Ethernet)

user@host> show interfaces flow-statistics ge-0/0/1.0

  Logical interface ge-0/0/1.0 (Index 70) (SNMP ifIndex 49)
    Flags: SNMP-Traps Encapsulation: ENET2
    Output packets: 83
    Security: Zone: zone2
    Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf pgm
    pim rip router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http https ike
    netconf ping rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl
    lsping
    Flow Statistics
    Flow Input statistics
      Self packets : 0
      ICMP packets : 0
      VPN packets : 2564
      Bytes permitted by policy : 3478
      Connections established : al
    Flow Output statistics:
      Multicast packets : 0
      Bytes permitted by policy : 16994
    Flow error statistics (Packets dropped due to):
      Address spoofing: 0
      Authentication failed:
      Incoming NAT errors:
      Invalid zone received packet:
      Multiple user authentications:
      Multiple incoming NAT:
      No parent for a gate:
      No one interested in self packets:
      No minor session:
      No more sessions:
      No NAT gate:
      No route present:
      No SA for incoming SPI:
      No tunnel found:
      No session for a gate:
      No zone or NULL zone binding
      Policy denied:
      Security association not active:
      TCP sequence number out of window:
      Syn-attack protection:
      User authentication errors:
    Protocol inet, MTU: 1500
      Flags: None
      Addresses, Flags: Is-Preferred Is-Primary


DEStimecieme LOS 0 ,11S,1/24, hoeal?s 203.0.113.2, Birosccasics 2.252.255 
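The flow error counters described in Table 62 are cumulative, so drop triage means comparing two snapshots of the same logical interface. The following is an added example, not part of the Juniper documentation: it parses the "Flow error statistics" block of `show interfaces flow-statistics` output and reports which counters grew. The two snapshots are constructed sample data, and the grouping of counters into "security" and "capacity" is this example's assumption, not a Junos classification.

```python
import re

# Grouping of Table 62 counter names by what a nonzero increase usually calls for.
# The grouping is an assumption of this example, not a Junos classification.
SECURITY = {"Address spoofing", "Syn-attack protection", "Policy denied",
            "TCP sequence number out of window", "User authentication errors",
            "Multiple user authentications", "Security association not active"}
CAPACITY = {"No more sessions", "No minor session"}

COUNTER_RE = re.compile(r"^\s*([A-Za-z][^:]*?)\s*:\s*(\d+)\s*$")

# Constructed sample output (values invented for the example).
SNAPSHOT_BEFORE = """\
  Logical interface ge-0/0/1.0 (Index 70) (SNMP ifIndex 49)
    Flow Input statistics :
      Self packets :                     0
    Flow error statistics (Packets dropped due to):
      Address spoofing:                  0
      Policy denied:                     12
      No more sessions:                  0
      Syn-attack protection:             3
      No route present:                  7
      User authentication errors:        0
    Protocol inet, MTU: 1500
"""
SNAPSHOT_AFTER = SNAPSHOT_BEFORE.replace("spoofing:                  0", "spoofing:                  40") \
    .replace("denied:                     12", "denied:                     15") \
    .replace("sessions:                  0", "sessions:                  5") \
    .replace("present:                  7", "present:                  9")


def parse_flow_errors(cli_text):
    """Return {counter name: value} for the first flow error block in the text."""
    counters = {}
    in_block = False
    for line in cli_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Flow error statistics"):
            in_block = True
            continue
        if not in_block or not stripped:
            continue
        if stripped.startswith("Protocol "):
            break  # the protocol family section follows the error counters
        match = COUNTER_RE.match(line)
        if match is None:
            break  # anything that is not "name: integer" ends the block
        counters[match.group(1)] = int(match.group(2))
    return counters


def new_drops(before, after):
    """Counters that grew between two snapshots.

    A value lower than the previous one means the statistics were cleared in
    between, so the whole current value counts as new.
    """
    deltas = {}
    for name, value in after.items():
        previous = before.get(name, 0)
        delta = value - previous if value >= previous else value
        if delta > 0:
            deltas[name] = delta
    return deltas


def triage(deltas):
    """Sort increases largest first and label each one."""
    findings = []
    for name, delta in sorted(deltas.items(), key=lambda kv: (-kv[1], kv[0])):
        if name in SECURITY:
            kind = "security"
        elif name in CAPACITY:
            kind = "capacity"
        else:
            kind = "other"
        findings.append((kind, name, delta))
    return findings


if __name__ == "__main__":
    grown = new_drops(parse_flow_errors(SNAPSHOT_BEFORE), parse_flow_errors(SNAPSHOT_AFTER))
    for kind, name, delta in triage(grown):
        print(f"{kind:9} {name}: +{delta}")
```
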
| show interfaces queue


Syntax 


show interfaces queue 
<both-ingress-egress> 

<egress> 

<forwarding-class forwarding-class> 
<ingress> 

<interface-name interface-name> 
<l2-statistics>


Release Information 
Command introduced in Junos OS Release 15.1X49-D30 for vSRX. 


Description 


Display class-of-service (CoS) queue information for physical interfaces. 


NOTE: The queue depth information is only available on vSRX and SRX1500, SRX4100, SRX4200 
and SRX4600 platforms. 


Options 


none—Show detailed CoS queue statistics for all physical interfaces. 
both-ingress-egress—Display both ingress and egress queue statistics. 
egress—Display egress queue statistics. 


forwarding-class forwarding-class—(Optional) Forwarding class name for this queue. Show detailed CoS 
statistics for the queue that is associated with the specified forwarding class. 


ingress—Display ingress queue statistics. 
interface-name interface-name—(Optional) Show detailed CoS queue statistics for the specified interface. 


l2-statistics—(Optional) Display Layer 2 statistics for MLPPP, FRF.15, and FRF.16 bundles.


Required Privilege Level 
view 


RELATED DOCUMENTATION 
Understanding Class of Service


List of Sample Output 


show interfaces queue (vSRX) on page 955 
show interfaces queue (vSRX) on page 957 


Output Fields 


Table 63 on page 954 lists the output fields for the show interfaces queue command. Output fields are listed in the approximate order in which they appear.

Table 63: show interfaces queue Output Fields

Field Name
    Field Description

Physical interface
    Name of the physical interface.

Enabled
    State of the interface. Possible values are described in the “Enabled Field” section under Common Output Fields Description.

Interface index
    Index number of the physical interface. The number reflects the interface’s initialization sequence.

SNMP ifIndex
    SNMP index number for the interface.

Forwarding classes supported
    Total number of forwarding classes supported on the specified interface.

Forwarding classes in use
    Total number of forwarding classes in use on the specified interface.

Egress queues supported
    Total number of egress queues supported on the specified interface.

Egress queues in use
    Total number of egress queues in use on the specified interface.

The following output fields are applicable to both the interface component and Packet Forwarding Engine component in the show interfaces queue command:

Queue
    Queue number.

Forwarding classes
    Forwarding class name.

Queued Packets
    Number of packets in this queue.

Queued Bytes
    Number of bytes in this queue.

Transmitted Packets
    Number of packets transmitted by this queue. When fragmentation occurs on the egress interface, the first set of packet counters shows the postfragmentation values. The second set of packet counters (displayed under the Packet Forwarding Engine Chassis Queues field) shows the prefragmentation values.

Transmitted Bytes
    Number of bytes transmitted by this queue.

Tail-dropped packets
    Number of packets dropped because of tail drop.

RL-dropped bytes
    Number of bytes dropped because of rate limiting.

RED-dropped packets
    Number of packets dropped because of random early detection (RED).

RED-dropped bytes
    Number of bytes dropped because of RED.
    • Low, non-TCP—Number of low-loss priority, non-TCP bytes dropped because of RED.
    • Low, TCP—Number of low-loss priority, TCP bytes dropped because of RED.
    • High, non-TCP—Number of high-loss priority, non-TCP bytes dropped because of RED.
    • High, TCP—Number of high-loss priority, TCP bytes dropped because of RED.

Queue Buffer Usage:
    • Reserved buffer—The size of the memory buffer that is allocated for storing packets.
    • Current—The amount of buffer memory that is currently in use on this queue.

Queue-Depth
    Current—The maximum number of bytes in this queue, that is currently in use on this queue.

| Sample Output


show interfaces queue (vSRX)

The following truncated example shows the CoS queue sizes for queues 0, 1, and 3. Queue 1 has a queue buffer size (guaranteed allocated memory) of 9192 bytes.

user@host> show interfaces queue

Physical interface: ge-0/0/0, Enabled, Physical link is Up
  Interface index: 135, SNMP ifIndex: 510
Forwarding classes: 8 supported, 4 in use
Egress queues: 8 supported, 4 in use
Queue: 0, Forwarding classes: best-effort
  Queued:
    Packets              :                 14686                     0 pps
    Bytes                :                616812                     0 bps
  Transmitted:
    Packets              :                 14686                     0 pps
    Bytes                :                616812                     0 bps
    Tail-dropped packets :                     0                     0 pps
    RL-dropped packets   :                     0                     0 pps
    RL-dropped bytes     :                     0                     0 bps
    RED-dropped packets  :                     0                     0 pps
     Low                 :                     0                     0 pps
     Medium-low          :                     0                     0 pps
     Medium-high         :                     0                     0 pps
     High                :                     0                     0 pps
    RED-dropped bytes    :                     0                     0 bps
     Low                 :                     0                     0 bps
     Medium-low          :                     0                     0 bps
     Medium-high         :                     0                     0 bps
     High                :                     0                     0 bps
  Queue Buffer Usage:
    Reserved buffer      :             118750000 bytes
  Queue-depth bytes      :
    Current              :                     0
Queue: 1, Forwarding classes: expedited-forwarding
  Queued:
    Packets              :                     0                     0 pps
    Bytes                :                     0                     0 bps
  Transmitted:
    Packets              :                     0                     0 pps
    Bytes                :                     0                     0 bps
    Tail-dropped packets :                     0                     0 pps
    RL-dropped packets   :                     0                     0 pps
    RL-dropped bytes     :                     0                     0 bps
    RED-dropped packets  :                     0                     0 pps
     Low                 :                     0                     0 pps
     Medium-low          :                     0                     0 pps
     Medium-high         :                     0                     0 pps
     High                :                     0                     0 pps
    RED-dropped bytes    :                     0                     0 bps
     Low                 :                     0                     0 bps
     Medium-low          :                     0                     0 bps
     Medium-high         :                     0                     0 bps
     High                :                     0                     0 bps
  Queue Buffer Usage:
    Reserved buffer      :                  9192 bytes
  Queue-depth bytes      :
    Current              :                     0
Queue: 2, Forwarding classes: assured-forwarding
  Queued:
    Packets              :                     0                     0 pps
    Bytes                :                     0                     0 bps
  Transmitted:
    Packets              :                     0                     0 pps
    Bytes                :                     0                     0 bps
    Tail-dropped packets :                     0                     0 pps
    RL-dropped packets   :                     0                     0 pps
    RL-dropped bytes     :                     0                     0 bps
    RED-dropped packets  :                     0                     0 pps
     Low                 :                     0                     0 pps
     Medium-low          :                     0                     0 pps
     Medium-high         :                     0                     0 pps
     High                :                     0                     0 pps
    RED-dropped bytes    :                     0                     0 bps
     Low                 :                     0                     0 bps
     Medium-low          :                     0                     0 bps
     Medium-high         :                     0                     0 bps
     High                :                     0                     0 bps
  Queue Buffer Usage:
    Reserved buffer      :                  9192 bytes
  Queue-depth bytes      :
    Current              :                     0


| Sample Output

show interfaces queue (vSRX)

user@host> show interfaces queue ge-0/0/3 forwarding-class ef

Physical interface: ge-0/0/3, Enabled, Physical link is Up
  Interface index: 143, SNMP ifIndex: 510
Forwarding classes: 8 supported, 4 in use
Egress queues: 8 supported, 4 in use
Queue: 1, Forwarding classes: ef


Queued:
Packets
Bytes
Transmitted:
Packets
Bytes
Tail-dropped packets
RL-dropped packets
RL-dropped bytes
RED-dropped packets
Low
Medium-low
Medium-high
High
RED-dropped bytes
Low
Medium-low
Medium-high
High
Queue Buffer Usage:
Reserved buffer
Queue-depth bytes
Current


55034875 
1526912538034 


NYAS) SAL 
1512013543328 
0 

0 

0 

PZ OZOZ 5105) 

0 

0 

0 

126262505 
14898975590 
0 

0 

0 
14898975590 


992 


18998 


bytes 


885424 
835840256 


oo oe oe & 


885424 

0 

0 

0 

885424 
835840728 
0 

0 

0 
835840728 


pps 
bps 


pps 
bps 
pps 
pps 
bps 
pps 
pps 
pps 
pps 
pps 
bps 
bps 
bps 
bps 
bps 
| show interfaces statistics (View)


Syntax 


show interfaces statistics interface-name 


Release Information 
Command introduced in Junos OS Release 10.1. 


Description 


Displays the interface input and output statistics for physical and logical interfaces.

Required Privilege Level
view

RELATED DOCUMENTATION

List of Sample Output
show interfaces statistics on page 959

| Sample Output

show interfaces statistics

user@host> show interfaces statistics st0.1

Logical interface st0.1 (Index 91) (SNMP ifIndex 268)
  Flags: Point-To-Point SNMP-Traps Encapsulation: Secure-Tunnel
  Input packets : 2743333
  Output packets: 6790470992
  Security: Zone: untrust
  Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp
  ospf pgm pim rip router-discovery rsvp
  sap vrrp dhcp finger ftp tftp ident-reset
  http https ike netconf ping reverse-telnet
  reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text
  xnm-ssl lsping ntp sip
  Protocol inet, MTU: 9192





Addresses, Flags: Is-—Preferred 
Desiedineicweme 192,167, 1,0/ 30, 


Is-Primary 


ho@ais 192,167.14 
| show interfaces terse zone


Syntax 


show interfaces terse zone 


Release Information 
Command introduced in Junos OS Release 12.3X48-D20. 


Description 


Display summary information about zone interfaces. 


Options 


This command has no options. 


Required Privilege Level 
view 


| Sample Output 
show interface terse zone 


user@host> show interface terse zone 


Interface Admin Link Proto Local Remote Zone
ge-0/0/0.0 up up inet 1,4,253 .251/16 trust 


| show ipv6 neighbors

Syntax

show ipv6 neighbors

Release Information
Command introduced in Junos OS Release 12.1X45-D10.

Description

Display information about the IPv6 neighbor cache.

Options

This command has no options.

Required Privilege Level
view

RELATED DOCUMENTATION

clear ipv6 neighbors | 748

List of Sample Output
show ipv6 neighbors on page 962

Output Fields
Table 64 on page 961 lists the output fields for the show ipv6 neighbors command. Output fields are listed in the approximate order in which they appear.

Table 64: show ipv6 neighbors Output Fields

Field Name
    Field Description

IPv6 Address
    Name of the IPv6 interface.

Linklayer Address
    Link-layer address.

State
    State of the link: up, down, incomplete, reachable, stale, or unreachable.

Exp
    Number of seconds until the entry expires.

Rtr
    Whether the neighbor is a routing device: yes or no.

Secure
    Whether this entry was created using the Secure Neighbor Discovery (SEND) protocol: yes or no.

Interface
    Name of the interface.

| Sample Output

show ipv6 neighbors

user@host> show ipv6 neighbors

IPv6 Address Linklayer Address State Exp Rtr Secure Interface
AO sae 302 OOOO Casi010 = CORIO reachable 17 yes no reth0.0 
Idle Wales 00:19:e2:4b:61:83 stale 1197 yes no aie=1/0/ 0.0 


13912 9 92 00:19:e2:4b:61:83 stale 1188 yes no aie—3/0/ 0.0 
| show lacp interfaces (View)


Syntax 


show lacp interfaces interface-name 


Release Information 
Command modified in Junos OS Release 10.2. 


Description 

Display Link Aggregation Control Protocol (LACP) information about the specified aggregated Ethernet 
interface, redundant Ethernet interface, Gigabit Ethernet interface, or 10-Gigabit Ethernet interface. If 
you do not specify an interface name, LACP information for all interfaces is displayed. 


Options 


none—Display LACP information for all interfaces. 
interface-name—(Optional) Display LACP information for the specified interface:

• Aggregated Ethernet—aenumber
• Redundant Ethernet—rethnumber
• Gigabit Ethernet—ge-fpc/pic/port
• 10-Gigabit Ethernet—xe-fpc/pic/port


NOTE: The show lacp interfaces command returns the following error message if your system 
is not configured in either active or passive LACP mode: 


“Warning: lacp subsystem not running - not needed by configuration” 


Required Privilege Level 


view 


RELATED DOCUMENTATION 


Verifying LACP on Redundant Ethernet Interfaces 


List of Sample Output 
show lacp interfaces (Aggregated Ethernet) on page 966 
show lacp interfaces (Redundant Ethernet) on page 966 
show lacp interfaces (Gigabit Ethernet) on page 967


Output Fields 
Table 65 on page 964 lists the output fields for the show lacp interfaces command. Output fields are listed 
in the approximate order in which they appear. 


Table 65: show lacp interfaces Output Fields

Field Name
    Field Description

Aggregated interface
    Aggregated interface value.

LACP State
    LACP state information for each aggregated interface:

    • Role—Role played by the interface. It can be one of the following:
        • Actor—Local device participating in LACP negotiation.
        • Partner—Remote device participating in LACP negotiation.

    • Exp—Expired state. Yes indicates the actor or partner is in an expired state. No indicates the actor or partner is not in an expired state.

    • Def—Default. Yes indicates that the actor’s receive machine is using the default operational partner information, administratively configured for the partner. No indicates the operational partner information in use has been received in a link aggregation control protocol data unit (PDU).

    • Dist—Distribution of outgoing frames. No indicates distribution of outgoing frames on the link is currently disabled and is not expected to be enabled. Otherwise, the value is Yes.

    • Col—Collection of incoming frames. Yes indicates collection of incoming frames on the link is currently enabled and is not expected to be disabled. Otherwise, the value is No.

    • Syn—Synchronization. If the value is Yes, the link is considered synchronized. It has been allocated to the correct link aggregation group, the group has been associated with a compatible aggregator, and the identity of the link aggregation group is consistent with the system ID and operational key information transmitted. If the value is No, the link is not synchronized. It is currently not in the right aggregation.

    • Aggr—Ability of aggregation port to aggregate (Yes) or to operate only as an individual link (No).

    • Timeout—LACP timeout preference. Periodic transmissions of link aggregation control PDUs occur at either a slow or fast transmission rate, depending upon the expressed LACP timeout preference (Long Timeout or Short Timeout).

    • Activity—Actor or partner’s port activity. Passive indicates the port’s preference for not transmitting link aggregation control PDUs unless its partner’s control value is Active. Active indicates the port’s preference to participate in the protocol regardless of the partner’s control value.

LACP Protocol
    LACP protocol information for each aggregated interface:

    • Link state (active or standby) indicated in parentheses next to the interface when link protection is configured.

    • Receive State—One of the following values:
        • Current—The state machine receives a link aggregation control PDU and enters the Current state.
        • Defaulted—If no link aggregation control PDU is received before the timer for the Current state expires a second time, the state machine enters the Defaulted state.
        • Expired—If no link aggregation control PDU is received before the timer for the Current state expires once, the state machine enters the Expired state.
        • Initialize—When the physical connectivity of a link changes or a Begin event occurs, the state machine enters the Initialize state.
        • LACP Disabled—If the port is operating in half duplex, the operation of LACP is disabled on the port, forcing the state to LACP Disabled. This state is similar to the Defaulted state, except that the port is forced to operate as an individual port.
        • Port Disabled—If the port becomes inoperable and a Begin event has not occurred, the state machine enters the Port Disabled state.

    • Transmit State—Transmit state of state machine. One of the following values:
        • Fast Periodic—Periodic transmissions are enabled at a fast transmission rate.
        • No Periodic—Periodic transmissions are disabled.
        • Periodic Timer—Transitory state entered when the periodic timer expires.
        • Slow Periodic—Periodic transmissions are enabled at a slow transmission rate.

    • Mux State—State of the multiplexer state machine for the aggregation port. The state is one of the following values:
        • Attached—Multiplexer state machine initiates the process of attaching the port to the selected aggregator.
        • Collecting Distributing—Collecting and distributing states are merged together to form a combined state (coupled control). Because independent control is not possible, the coupled control state machine does not wait for the partner to signal that collection has started before enabling both collection and distribution.
        • Detached—Process of detaching the port from the aggregator is in progress.
        • Waiting—Multiplexer state machine is in a holding process, awaiting an outcome.

| Sample Output

show lacp interfaces (Aggregated Ethernet)

user@host> show lacp interfaces ae0

Aggregated interface: ae0
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      ge-2/0/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-2/0/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-2/0/1       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-2/0/1     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-2/2/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-2/2/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-2/2/1       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-2/2/1     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
    LACP protocol:        Receive State  Transmit State          Mux State
      ge-2/0/0                  Current   Fast periodic Collecting distributing
      ge-2/0/1                  Current   Fast periodic Collecting distributing
      ge-2/2/0                  Current   Fast periodic Collecting distributing
      ge-2/2/1                  Current   Fast periodic Collecting distributing

show lacp interfaces (Redundant Ethernet)

user@host> show lacp interfaces reth0

Aggregated interface: reth0
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      ge-11/0/0      Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-11/0/0    Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-11/0/1      Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-11/0/1    Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-11/0/2      Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-11/0/2    Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-11/0/3      Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-11/0/3    Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-3/0/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-3/0/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-3/0/1       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-3/0/1     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-3/0/2       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-3/0/2     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-3/0/3       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-3/0/3     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
    LACP protocol:        Receive State  Transmit State          Mux State
      ge-11/0/0                 Current   Fast periodic Collecting distributing
      ge-11/0/1                 Current   Fast periodic Collecting distributing
      ge-11/0/2                 Current   Fast periodic Collecting distributing
      ge-11/0/3                 Current   Fast periodic Collecting distributing
      ge-3/0/0                  Current   Fast periodic Collecting distributing
      ge-3/0/1                  Current   Fast periodic Collecting distributing
      ge-3/0/2                  Current   Fast periodic Collecting distributing
      ge-3/0/3                  Current   Fast periodic Collecting distributing

{primary:node1}

show lacp interfaces (Gigabit Ethernet)

user@host> show lacp interfaces ge-0/3/0

Aggregated interface: ae0
    LACP State:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      ge-0/3/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-0/3/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
    LACP Protocol:        Receive State  Transmit State          Mux State
      ge-0/3/0                  Current   Fast periodic Collecting distributing
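The field meanings in Table 65 translate directly into a member-link health check. The following is an added example, not part of the Juniper documentation: it parses `show lacp interfaces` output and lists, per member link, every flag or state that Table 65 describes as other than the normal operating condition. `SAMPLE_FROM_PAGE` is the Gigabit Ethernet sample output above; `SAMPLE_DEGRADED` is constructed for the example.

```python
import re

def _alt(values):
    # Values contain only letters and spaces; accept any run of whitespace between words.
    return "|".join(v.replace(" ", r"\s+") for v in values)

RX = _alt(["Current", "Defaulted", "Expired", "Initialize", "LACP disabled", "Port disabled"])
TX = _alt(["Fast periodic", "No periodic", "Periodic timer", "Slow periodic"])
MUX = _alt(["Attached", "Collecting distributing", "Detached", "Waiting"])

# member, role, Exp, Def, Dist, Col, Syn, Aggr, Timeout, Activity
STATE_RE = re.compile(r"^(\S+)\s+(Actor|Partner)\s+" + r"(Yes|No)\s+" * 6
                      + r"(\S+)\s+(Active|Passive)$")
# member, Receive State, Transmit State, Mux State
PROTO_RE = re.compile(rf"^(\S+)\s+({RX})\s+({TX})\s+({MUX})$", re.IGNORECASE)

SAMPLE_FROM_PAGE = """\
Aggregated interface: ae0
    LACP State:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      ge-0/3/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-0/3/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
    LACP Protocol:        Receive State  Transmit State          Mux State
      ge-0/3/0                  Current   Fast periodic Collecting distributing
"""

# Constructed: ge-2/0/1 never received a PDU and both ends are Passive.
SAMPLE_DEGRADED = """\
Aggregated interface: ae0
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      ge-2/0/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-2/0/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-2/0/1       Actor    No   Yes    No   No   No   Yes     Fast   Passive
      ge-2/0/1     Partner    No   Yes    No   No   No   Yes     Fast   Passive
    LACP protocol:        Receive State  Transmit State          Mux State
      ge-2/0/0                  Current   Fast periodic Collecting distributing
      ge-2/0/1                Defaulted   Fast periodic                Detached
"""


def _norm(text):
    return " ".join(text.lower().split())


def check_lacp(cli_text):
    """Return {member link: [problem, ...]}; an empty list means the link looks healthy."""
    problems = {}
    activity = {}
    for raw in cli_text.splitlines():
        line = raw.strip()
        m = STATE_RE.match(line)
        if m:
            member, role = m.group(1), m.group(2)
            exp, dflt, dist, col, syn = m.group(3, 4, 5, 6, 7)
            found = problems.setdefault(member, [])
            activity[(member, role)] = m.group(10)
            if exp == "Yes":
                found.append(f"{role}: Exp=Yes (expired state)")
            if dflt == "Yes":
                found.append(f"{role}: Def=Yes (default partner information in use)")
            for name, value in (("Dist", dist), ("Col", col), ("Syn", syn)):
                if value == "No":
                    found.append(f"{role}: {name}=No")
            continue
        m = PROTO_RE.match(line)
        if m:
            found = problems.setdefault(m.group(1), [])
            if _norm(m.group(2)) != "current":
                found.append(f"Receive State is {m.group(2)}")
            if _norm(m.group(4)) != "collecting distributing":
                found.append(f"Mux State is {m.group(4)}")
    # Per Table 65, a Passive port transmits PDUs only if its partner is Active.
    for member, found in problems.items():
        if (activity.get((member, "Actor")) == "Passive"
                and activity.get((member, "Partner")) == "Passive"):
            found.append("Actor and Partner are both Passive")
    return problems


if __name__ == "__main__":
    for member, found in check_lacp(SAMPLE_DEGRADED).items():
        print(member, "OK" if not found else "; ".join(found))
```
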
| show lacp statistics interfaces (View)


Syntax 


show lacp statistics interfaces interface-name 


Release Information 

Command modified in Release 10.2 of Junos OS. 

Command introduced in Release 11.1 of Junos OS for the QFX Series. 
Command introduced in Junos OS Release 14.1X53-D20 for the OCX Series. 


Description 

Display Link Aggregation Control Protocol (LACP) statistics about the specified aggregated Ethernet 
interface or redundant Ethernet interface. If you do not specify an interface name, LACP statistics for all 
interfaces are displayed. 


Options 
interface-name—(Optional) Name of an interface. 


Required Privilege Level 
view 


RELATED DOCUMENTATION 


Verifying LACP on Redundant Ethernet Interfaces 

Verifying the Status of a LAG Interface 

Verifying That LACP Is Configured Correctly and Bundle Members Are Exchanging LACP Protocol Packets 
Example: Configuring Link Aggregation Between a QFX Series Product and an Aggregation Switch 





Example: Configuring Link Aggregation with LACP Between a QFX Series Product and an Aggregation Switch 


List of Sample Output 
show lacp statistics interfaces on page 969 


Output Fields 


Table 66 on page 968 lists the output fields for the show lacp statistics interfaces command. Output fields 
are listed in the approximate order in which they appear. 


Table 66: show lacp statistics interfaces Output Fields

Field Name
    Field Description

Aggregated interface
    Aggregated interface value.

LACP Statistics
    LACP statistics provide the following information:
    • LACP Rx—counter that increments for each received LACP packet.
    • LACP Tx—counter that increments for each transmitted LACP packet.
    • Unknown Rx—number of unrecognized packet errors logged.
    • Illegal Rx—number of invalid packets received.

    NOTE: Starting in Junos OS Evolved Release 18.3R1, the clear interfaces statistics command clears LACP statistics as well as the counters displayed in the show lacp statistics interfaces command.


| Sample Output 


show lacp statistics interfaces 


user@host> show lacp statistics interfaces ae0





Aggregated interface: ae0 


LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx 
ge-2/0/0 1352 2035 0 0 
ge-2/0/1 1352 2056 0 0 
ge-2/2/0 352 2045 0 0 
ge-2/2/1 1352 2043 0 0 


| show modem wireless firmware 


Syntax 


show modem wireless firmware interface-name 


Release Information 


Command introduced in Junos OS 15.1X49-D100 


Description 


Display modem firmware details for the LTE Mini-PIM. 


Options 


• interface-name—The LTE interface is cl-x/0/0, where x is the slot number in which the LTE Mini-PIM is installed.


Required Privilege Level 


view 


RELATED DOCUMENTATION 


show modem wireless network | 973 


List of Sample Output 
show modem wireless firmware on page 971 


Output Fields 


Table 67 on page 970 lists some of the output fields for the show modem wireless firmware command. 


Output fields are listed in the approximate order in which they appear. 


Table 67: show modem wireless firmware Output Fields

Field Name
    Description

LTE mPIM firmware details
    Displays the details of the firmware installed on the LTE Mini-PIM.

Wireless modem firmware details
    Displays the details of the modem firmware.

OTA status
    Displays the status of over-the-air (OTA) upgrade. The OTA upgrade can be enabled or disabled on the LTE Mini-PIM. OTA upgrade is disabled by default.

Status of SIM
    • Number of SIM—Number of SIM cards installed.

    • Slot of active—The slot in which the active SIM card is installed.

    • SIM state—Indicates whether the SIM card is present in the slot.

    • Modem PIN security status—Indicates the security status of the SIM. If the SIM is locked by using the request modem wireless sim-lock enable command, then the security status is displayed as enabled.

    • SIM status—Status of the Subscriber Identity Module (SIM) in the LTE Mini-PIM. The status can be one of the following:
        • SIM Okay
        • No status—The device is being powered on or powered off, or the SIM card has been removed from the slot.
        • SIM init failure—There is a problem with the SIM; the SIM might need to be replaced.
        • SIM locked
        • PIN1 blocked—Obtain a PIN unblocking key (PUK) to unblock the SIM.
        • PIN1 rejected—The wrong PIN was entered.
        • PIN2 rejected—The wrong PIN was entered.
        • Network rejected

    • SIM user operation needed—Action required by the user. This can be one of the following:
        • No op—No user operation required.
        • Enter PIN—Enter the personal identification number (PIN) to unlock the SIM card.
        • Enter PUK—Enter the PUK to unblock the SIM card.

    • Retries remaining—If the value of SIM user operation needed is Enter PIN, this is the number of PIN unlock attempts remaining before the modem is blocked. If the PIN is entered incorrectly three consecutive times, the SIM card is blocked.

      If the value of SIM user operation needed is Enter PUK, this is the number of unblock attempts remaining before the modem is unusable. If the PUK is entered incorrectly ten times, the SIM card must be returned to the service provider for reactivation.


| Sample Output 


show modem wireless firmware 


user@host> show modem wireless firmware cl-1/0/0 





LTE mPIM firmware details 





Product name: Junos LTE mPIM 
Serial number: AG50071852 
Hardware version: AcceleratedConcepts/sprite 
Firmware version: 17.4.3 
MNES WO SOW Ese x00) seis Gil 
System uptime: 3430 seconds 
Wireless modem firmware details
Modem firmware version:
9999999_9904609_SWI9X30C_02.23.00.00_00_GENERIC_002.018_000
Modem Firmware build date: 22/10/2016
Card type: MC7430
Modem manufacturer: Sierra Wireless, Inc





Hardware version: 1.0 





Power & Temperature: Normal 3343 mV, Normal 30.00 C 
OTA status 
State: Enabled 





New firmware available: No 

Number of SIM: 2 

Siloor Race invicr 2 

Sedieus (Oi SEM: 
SIM state: SIM present 
Modem PIN security status: Disabled 
SIM status: SIM Okay 
SIM user operation needed: No Op 
Retries remaining: 3 

Siedieus Ot oo 
SIM state: SIM present 
Modem PIN security status: Disabled 
SIM status: SIM Okay 


SIM user operation needed: No Op 





Retries remaining: 3 
| show modem wireless network


Syntax 


show modem wireless network interface-name 


Release Information 
Command introduced in Junos OS Release 15.1X49-D100. 


Description 


Display the status of the modem and the status of the network connection for the LTE Mini-PIM. 


Options 
• interface-name—The LTE interface is cl-x/0/0, where x is the slot number in which the LTE Mini-PIM is installed.


Required Privilege Level 
view 


RELATED DOCUMENTATION 


show modem wireless profiles | 976 


show modem wireless firmware | 970 


List of Sample Output 
show modem wireless network on page 975 


Output Fields 


Table 68 on page 973 lists some of the output fields for the show modem wireless network command. 
Output fields are listed in the approximate order in which they appear. 


Table 68: show modem wireless network Output Fields

Field Name
    Field Description

Current Modem Status
    Status of the modem on the Mini-PIM. The status can be one of the following states:
    • Disconnected
    • Calling
    • Connected

Current Service Status
    Status of the network connection. The status can be one of the following states:
    • Normal
    • Emergency Call Only
    • No Service Available
    • Unable To Register
    • Forbidden PLMN
    • Forbidden Area
    • Roaming Not Permitted
    • Account Not Permitted
    • Modem Not Permitted
    • Unknown IMSI
    • Authentication Failure

Current Service Type
    One of the following:
    • Circuit switched (CS)
    • Packet switched (PS)
    • Combo (CS, PS)
    • Invalid

Current Service Mode
    One of the following:
    • Unknown
    • LTE
    • DC-HSPA+
    • HSPA+
    • HSPA
    • UMTS

Current Band
    Current radio band in use.

Mobile Country Code (MCC)
    Number that uniquely identifies the country.

Mobile Network Code
    Number that uniquely identifies a network within a country.
| Sample Output

show modem wireless network

user@host> show modem wireless network cl-1/0/0

LTE Connection details
  Connected time: 147
  IP: 172.16.52.4
  Gateway: 172.16.52.5
  DNS: 123.123.123.123
  Input bps: 0
  Output bps: 0
  Bytes Received: 1308
  Bytes Transferred: 1164
  Packets Received: 10
  Packets Transferred: 10
Wireless Modem Network Info
  Current Modem Status: Connected
  Current Service Status: Normal
  Current Service Type: PS
  Current Service Mode: LTE
  Current Band: B3
  Network: UNICOM
  Mobile Country Code (MCC): 460
  Mobile Network Code (MNC): 1
  Location Area Code (LAC): 65534
  Routing Area Code (RAC): 0
  Cell Identification: 4865903
  Access Point Name (APN): abcde
  Public Land Mobile Network (PLMN): CHN-UNICOM
  Physical Cell ID (PCI): 333
  International Mobile Subscriber Identification (IMSI): ***************
  International Mobile Equipment Identification (IMEI/MEID): ***************
  Integrate Circuit Card Identity (ICCID): 89860114[illegible]00697502
  Reference Signal Receiving Power (RSRP): -97
  Reference Signal Receiving Quality (RSRQ): -16
  Signal to Interference-plus-Noise Ratio (SiNR): 0
  Signal Noise Ratio (SNR): 0
  Energy per Chip to Interference (ECIO): 0
| show modem wireless profiles


Syntax 


show modem wireless profiles interface-name slot slot-number 


Release Information 
Command introduced in Junos OS Release 15.1X49-D100. 


Description 


Display the profiles configured on the LTE Mini-PIM. 


Options 
• interface-name—The LTE interface is cl-x/0/0, where x is the slot number in which the LTE Mini-PIM is installed.
• slot-number—The slot in which the SIM card is inserted. The value can be either 1 or 2.


Required Privilege Level 
view 


RELATED DOCUMENTATION 


show modem wireless firmware | 970 


show modem wireless network | 973 


List of Sample Output 
show modem wireless profiles on page 977 


Output Fields 


Table 68 on page 973 lists some of the output fields for the show modem wireless profiles command. 
Output fields are listed in the approximate order in which they appear. 


Table 69: show modem wireless profiles Output Fields

Field Name
    Field Description

Max profiles
    The maximum number of profiles available for each SIM card. This value is always 16. The LTE Mini-PIM supports two SIM cards and so you can configure a total of 32 profiles, although only one profile can be active at a time.

Default profile Id
    The profile used to connect to the network when there is no profile selected. The default profile ID is always 1.

Profile details
    • Username—The username provided by the service provider.
    • Password—The password provided by the service provider.
    • Access point name (APN)—The APN provided by the service provider.
    • Authentication—The protocol used for authentication.


| Sample Output

show modem wireless profiles

user@host> show modem wireless profiles cl-1/0/0 slot 1

Profile details
  Max profiles: 16
  Default profile Id: 1

Profile 1: ACTIVE
  Valid: TRUE
  Access point name (APN): ctnet
  Authentication: None
Profile 2: Inactive
  Valid: TRUE
  Username: myuser
  Password: 123456
  Access point name (APN): testapn
  Authentication: PAP
Profile 3: Invalid
Profile 4: Invalid
Profile 5: Invalid
Profile 6: Invalid
Profile 7: Invalid
Profile 8: Invalid
Profile 9: Invalid
Profile 10: Invalid
Profile 11: Invalid
Profile 12: Invalid
Profile 13: Invalid
Profile 14: Invalid
Profile 15: Invalid
Profile 16: Invalid
| show oam ethernet link-fault-management


Syntax 


show oam ethernet link-fault-management
<brief | detail>
<interface-name>


Release Information 
Statement for SRX Series devices introduced in Junos OS Release 9.5. 


Description 
Display Operation, Administration, and Maintenance (OAM) link fault management (LFM) information for 
Ethernet interfaces. 


Options 
brief | detail—(Optional) Display the specified level of output. 


interface-name—(Optional) Display link fault management information for the specified Ethernet interface 
only. 


Required Privilege Level 
view 


RELATED DOCUMENTATION 


clear oam ethernet connectivity-fault-management path-database | 744 
clear oam ethernet connectivity-fault-management statistics 


Understanding Ethernet OAM Link Fault Management for SRX Series Services Gateways 





Example: Configuring Ethernet OAM Link Fault Management on a Security Device 


List of Sample Output 
show oam ethernet link-fault-management brief on page 983 
show oam ethernet link-fault-management detail on page 983 


Output Fields 


Table 70 on page 979 lists the output fields for the show oam ethernet link-fault-management command. 
Output fields are listed in the approximate order in which they appear. 


Table 70: show oam ethernet link-fault-management Output Fields

Field Name
    Field Description
    Level of Output

Status
    Status of the established link.
    • Fail—A link fault condition exists.
    • Running—A link fault condition does not exist.
    Level of Output: All levels

Discovery state
    State of the discovery mechanism:
    • Passive Wait
    • Send Any
    • Send Local Remote
    • Send Local Remote Ok
    Level of Output: All levels

Peer address
    Address of the OAM peer.
    Level of Output: All levels

Flags
    Information about the interface.
    • Remote-Stable—Indicates remote OAM client acknowledgment of, and satisfaction with, local OAM state information. False indicates that remote DTE has either not seen or is unsatisfied with local state information. True indicates that remote DTE has seen and is satisfied with local state information.
    • Local-Stable—Indicates local OAM client acknowledgment of, and satisfaction with, remote OAM state information. False indicates that local DTE either has not seen or is unsatisfied with remote state information. True indicates that local DTE has seen and is satisfied with remote state information.
    • Remote-State-Valid—Indicates the OAM client has received remote state information found within local information TLVs (type, length, values) of received Information OAM PDUs. False indicates that the OAM client has not seen remote state information. True indicates that the OAM client has seen remote state information.
    Level of Output: All levels

Remote loopback status
    An OAM entity can put its remote peer into loopback mode using the Loopback control OAM PDU. In loopback mode, every frame received is transmitted back on the same port (except for OAM PDUs, which are needed to maintain the OAM session).
    Level of Output: All levels
Table 70: show oam ethernet link-fault-management Output Fields (continued)

Field Name
    Field Description
    Level of Output

Remote entity information
    Remote entity information.
    • Remote MUX action—Indicates the state of the multiplexer functions of the OAM sublayer. Device is forwarding non-OAM PDUs to the lower sublayer or discarding non-OAM PDUs.
    • Remote parser action—Indicates the state of the parser function of the OAM sublayer. Device is forwarding non-OAM PDUs to the higher sublayer, looping back non-OAM PDUs to the lower sublayer, or discarding non-OAM PDUs.
    • Discovery mode—Indicates whether discovery mode is active or inactive.
    • Unidirectional mode—Indicates the ability to operate a link in unidirectional mode for diagnostic purposes.
    • Remote loopback mode—Indicates whether remote loopback is supported or not supported.
    • Link events—Indicates whether interpreting link events is supported or not supported on the remote peer.
    • Variable requests—Indicates whether variable requests are supported or not supported. The Variable Request OAM PDU is used to request one or more MIB variables from the remote peer.
    Level of Output: All levels

OAM Receive Statistics

Information
    Number of information PDUs received.
    Level of Output: detail

Event
    Number of loopback control PDUs received.
    Level of Output: detail

Variable request
    Number of variable request PDUs received.
    Level of Output: detail

Variable response
    Number of variable response PDUs received.
    Level of Output: detail

Loopback control
    Number of loopback control PDUs received.
    Level of Output: detail

Organization specific
    Number of vendor organization specific PDUs received.
    Level of Output: detail

OAM Transmit Statistics

Information
    Number of information PDUs transmitted.
    Level of Output: detail

Event
    Number of event notification PDUs transmitted.
    Level of Output: detail

Table 70: show oam ethernet link-fault-management Output Fields (continued)

Field Name
    Field Description
    Level of Output

Variable request
    Number of variable request PDUs transmitted.
    Level of Output: detail

Variable response
    Number of variable response PDUs transmitted.
    Level of Output: detail

Loopback control
    Number of loopback control PDUs transmitted.
    Level of Output: detail

Organization specific
    Number of vendor organization specific PDUs transmitted.
    Level of Output: detail

OAM Received Symbol Error Event information

Events
    Number of symbol error event TLVs that have been received after the OAM sublayer was reset.
    Level of Output: detail

Window
    Symbol error event window in the received PDU.
    The protocol default value is the number of symbols that can be received in one second on the underlying physical layer.
    Level of Output: detail

Threshold
    Number of errored symbols in the period required for the event to be generated.
    Level of Output: detail

Errors in period
    Number of symbol errors in the period reported in the received event PDU.
    Level of Output: detail

Total errors
    Number of errored symbols that have been reported in received event TLVs after the OAM sublayer was reset.
    Symbol errors are coding symbol errors.
    Level of Output: detail

OAM Received Frame Error Event Information

Events
    Number of errored frame event TLVs that have been received after the OAM sublayer was reset.
    Level of Output: detail

Window
    Duration of the window in terms of the number of 100 ms period intervals.
    Level of Output: detail

Threshold
    Number of detected errored frames required for the event to be generated.
    Level of Output: detail

Errors in period
    Number of detected errored frames in the period.
    Level of Output: detail
Table 70: show oam ethernet link-fault-management Output Fields (continued)

Field Name
    Field Description
    Level of Output

Total errors
    Number of errored frames that have been reported in received event TLVs after the OAM sublayer was reset.
    A frame error is any frame error on the underlying physical layer.
    Level of Output: detail

OAM Received Frame Period Error Event Information

Events
    Number of frame seconds errors event TLVs that have been received after the OAM sublayer was reset.
    Level of Output: detail

Window
    Duration of the frame seconds window.
    Level of Output: detail

Threshold
    Number of frame seconds errors in the period.
    Level of Output: detail

Errors in period
    Number of frame seconds errors in the period.
    Level of Output: detail

Total errors
    Number of frame seconds errors that have been reported in received event TLVs after the OAM sublayer was reset.
    Level of Output: detail

OAM Transmitted Symbol Error Event Information

Events
    Number of symbol error event TLVs that have been transmitted after the OAM sublayer was reset.
    Level of Output: detail

Window
    The symbol error event window in the transmitted PDU.
    Level of Output: detail

Threshold
    Number of errored symbols in the period required for the event to be generated.
    Level of Output: detail

Errors in period
    Number of symbol errors in the period reported in the transmitted event PDU.
    Level of Output: detail

Total errors
    Number of errored symbols reported in event TLVs that have been transmitted after the OAM sublayer was reset.
    Level of Output: detail

OAM Transmitted Frame Error Event Information

Events
    Number of errored frame event TLVs that have been transmitted after the OAM sublayer was reset.
    Level of Output: detail

Window
    Duration of the window in terms of the number of 100-ms period intervals.
    Level of Output: detail
Table 70: show oam ethernet link-fault-management Output Fields (continued)

Field Name
    Field Description
    Level of Output

Threshold
    Number of detected errored frames required for the event to be generated.
    Level of Output: detail

Errors in period
    Number of detected errored frames in the period.
    Level of Output: detail

Total errors
    Number of errored frames that have been detected after the OAM sublayer was reset.
    Level of Output: detail


| Sample Output

show oam ethernet link-fault-management brief

user@host> show oam ethernet link-fault-management brief

  Interface: ge-0/0/1
    Status: Running, Discovery state: Send Any
    Peer address: [illegible]
    Flags:Remote-Stable Remote-State-Valid Local-Stable 0x50
    Remote loopback status: Disabled on local port, Enabled on peer port
    Remote entity information:
      Remote MUX action: discarding, Remote parser action: loopback
      Discovery mode: active, Unidirectional mode: unsupported
      Remote loopback mode: supported, Link events: supported
      Variable requests: unsupported

show oam ethernet link-fault-management detail

user@host> show oam ethernet link-fault-management detail

  Interface: ge-0/0/1
    Status: Running, Discovery state: Send Any
    Peer address: [illegible]
    Flags:Remote-Stable Remote-State-Valid Local-Stable 0x50
    OAM receive statistics:
      Information: 186365, Event: 0, Variable request: 0, Variable response: 0
      Loopback control: 0, Organization specific: 0
    OAM transmit statistics:
      Information: 186347, Event: 0, Variable request: 0, Variable response: 0
      Loopback control: 0, Organization specific: 0
    OAM received symbol error event information:
      Events: 0, Window: 0, Threshold: 0
      Errors in period: 0, Total errors: 0
    OAM received frame error event information:
      Events: 0, Window: 0, Threshold: 0
      Errors in period: 0, Total errors: 0
    OAM received frame period error event information:
      Events: 0, Window: 0, Threshold: 0
      Errors in period: 0, Total errors: 0
    OAM transmitted symbol error event information:
      Events: 0, Window: 0, Threshold: 1
      Errors in period: 0, Total errors: 0
    OAM transmitted frame error event information:
      Events: 0, Window: 0, Threshold: 1
      Errors in period: 0, Total errors: 0
    Remote entity information:
      Remote MUX action: forwarding, Remote parser action: forwarding
      Discovery mode: active, Unidirectional mode: unsupported
      Remote loopback mode: supported, Link events: supported
      Variable requests: unsupported
| show poe controller (View)


Syntax 


show poe controller


Release Information
Command introduced in Junos OS Release 9.5. 


Description 


Display the status of the Power over Ethernet (PoE) controller. 


Options 


none—Display general parameters of the PoE software module controller. 


Required Privilege Level 
View 


RELATED DOCUMENTATION 


Example: Configuring PoE on All Interfaces | 306 


Output Fields 
Table 71 on page 985 lists the output fields for the show poe controller command. Output fields are listed 
in the approximate order in which they appear. 


Table 71: show poe controller Output Fields

Field name
    Field Description

Controller-index
    Identifies the controller.

Maximum-power
    Specifies the maximum power that can be provided by the SRX Series device to PoE ports.

Power-consumption
    Specifies the total amount of power allocated to the PoE ports.

Guard-band
    Shows the guard band configured on the controller.

Management
    Shows the power management mode.
| Sample Output

show poe controller

user@host> show poe controller

Controller    Maximum    Power          Guard band    Management
index         power      consumption
0             150.0 W    0.0 W          0 W           Static
| show pppoe interfaces


Syntax 


show pppoe interfaces 
<brief | detail | extensive> 
<pp0.logical> 


Release Information 
Command introduced in Junos OS Release 9.5. 


Description 


Display session-specific information about PPPoE interfaces. 


Options 


none—Display interface information for all PPPoE interfaces. 
brief | detail—(Optional) Display the specified level of output. 


extensive—(Optional) Display information about the number of packets sent and received and the number 
of timeouts during a PPPoE session. 


pp0.logical—(Optional) Name of an interface. The logical unit number for static interfaces can be a value
from 0 through 16,385. The logical unit number for dynamic interfaces can be a value from
1,073,741,824 through the maximum number of logical interfaces supported on your SRX300, SRX320,
SRX340, and SRX550M devices.


Required Privilege Level 
view 


RELATED DOCUMENTATION 


Understanding Ethernet Interfaces | 203 


List of Sample Output 

show pppoe interfaces on page 989 

show pppoe interfaces brief on page 990 
show pppoe interfaces detail on page 990 
show pppoe interfaces extensive on page 990 


Output Fields 


Table 72 on page 988 lists the output fields for the show pppoe interfaces command. Output fields are 
listed in the approximate order in which they appear. 
Table 72: show pppoe interfaces Output Fields

Field Name
    Field Description

Index
    Index number of the logical interface, which reflects its initialization sequence.

State
    State of the logical interface: up or down.

Session ID
    Session ID.

Service name
    Type of service required (can be used to indicate an ISP name, a class, or quality of service).

Configured AC name
    Configured access concentrator name.

Session AC name
    Name of the access concentrator.

Remote MAC address or Remote MAC
    MAC address of the remote side of the connection, either the access concentrator or the PPPoE client.

Auto-reconnect timeout
    Timeout value for reconnecting after a PPPoE session is terminated (in seconds).

Idle timeout
    Length of time (in seconds) that a connection can be idle before disconnecting.

Session uptime
    Length of time the session has been up, in hh:mm:ss.

Ignore End-Of-List tag
    Disables the End-of-List tag to continue processing of other tags after the End-of-List tag in a PPPoE Active Discovery Offer (PADO) packet.

Underlying interface
    Interface on which PPPoE is running.
Table 72: show pppoe interfaces Output Fields (continued)

Field Name
    Field Description

Packet Type
    Number of packets sent and received during the PPPoE session, categorized by packet type and packet errors:
    • PADI—PPPoE Active Discovery Initiation packets.
    • PADO—PPPoE Active Discovery Offer packets.
    • PADR—PPPoE Active Discovery Request packets.
    • PADS—PPPoE Active Discovery Session-Confirmation packets.
    • PADT—PPPoE Active Discovery Termination packets.
    • Service name error—Packets for which the Service-Name request could not be honored.
    • AC system error—Packets for which the access concentrator experienced an error in performing the host request. For example, the host had insufficient resources to create a virtual circuit.
    • Generic error—Packets that indicate an unrecoverable error occurred.
    • Malformed packets—Malformed or short packets that caused the packet handler to discard the frame as unreadable.
    • Unknown packets—Unrecognized packets.

Timeout
    Timeouts that occur during the PPPoE session:
    • PADI—No PADI packets received within the timeout period.
    • PADO—No PADO packets received within the timeout period. (This value is always zero and is not supported.)
    • PADR—No PADR packets received within the timeout period.

Receive Error Counters
    Error counters received during the PPPoE session:
    • PADI—No PADI error counters received during the session.
    • PADO—No PADO error counters received during the session.
    • PADR—No PADR error counters received during the session.
    • PADS—No PADS error counters received during the session.


| Sample Output

show pppoe interfaces

user@host> show pppoe interfaces

pp0.0 Index 71
  State: Session up, Session ID: 4,
  Service name: None,
  Session AC name: srx-pppoe-ac, Configured AC name: None,
  Remote MAC address: b0:c6:9a:74:5e:c1,
  Session uptime: 5d 15:21 ago,
  Auto-reconnect timeout: Never, Idle timeout: Never,
  Underlying interface: ge-0/0/1.0 Index 70

show pppoe interfaces brief

user@host> show pppoe interfaces brief

Interface    Underlying    State         Session
             interface                   ID
pp0.0        ge-0/0/1.0    Session up    4

show pppoe interfaces detail

user@host> show pppoe interfaces detail

pp0.0 Index 71
  State: Session up, Session ID: 4,
  Service name: None,
  Session AC name: srx-pppoe-ac, Configured AC name: None,
  Remote MAC address: b0:c6:9a:74:5e:c1,
  Session uptime: 5d 15:21 ago,
  Auto-reconnect timeout: Never, Idle timeout: Never,
  Underlying interface: ge-0/0/1.0 Index 70
  Ignore End-Of-List tag: Enable

show pppoe interfaces extensive

user@host> show pppoe interfaces extensive

pp0.0 Index 71
  State: Session up, Session ID: 4,
  Service name: None,
  Session AC name: srx-pppoe-ac, Configured AC name: None,
  Remote MAC address: b0:c6:9a:74:5e:c1,
  Session uptime: 5d 15:22 ago,
  Auto-reconnect timeout: Never, Idle timeout: Never,
  Underlying interface: ge-0/0/1.0 Index 70
  PacketType                Sent    Received
    PADI
    PADO
    PADR
    PADS
    PADT
    Service name error
    AC system error
    Generic error
    Malformed packets
    Unknown packets
  Timeout
    PADI                    0
    PADO                    0
    PADR                    0
  Receive Error Counters
    PADI
    PADO
    PADR
    PADS
| show pppoe statistics


Syntax 


show pppoe statistics 
<logical-interface-name> 


Release Information 
Command introduced in Junos OS Release 9.5.


Description 


Display statistics information about PPPoE interfaces. 


Options 


none—Display PPPoE statistics for all interfaces. 


logical-interface-name—(Optional) Name of an underlying PPPoE logical interface. 


Required Privilege Level 
view 


RELATED DOCUMENTATION 


show pppoe interfaces | 987 
Understanding Ethernet Interfaces | 203 


List of Sample Output 
show pppoe statistics on page 993 


Output Fields 


Table 73 on page 992 lists the output fields for the show pppoe statistics command. Output fields are listed 
in the approximate order in which they appear. 


Table 73: show pppoe statistics Output Fields

Field Name
    Field Description

Active PPPoE sessions
    Total number of active PPPoE sessions.

Packet Type
    Number of packets sent and received during the PPPoE session, categorized by packet type and packet errors:
    • PADI—PPPoE Active Discovery Initiation packets.
    • PADO—PPPoE Active Discovery Offer packets.
    • PADR—PPPoE Active Discovery Request packets.
    • PADS—PPPoE Active Discovery Session-Confirmation packets.
    • PADT—PPPoE Active Discovery Termination packets.
    • Service name error—Packets for which the Service-Name request could not be honored.
    • AC system error—Packets for which the access concentrator experienced an error in performing the host request. For example, the host had insufficient resources to create a virtual circuit.
    • Generic error—Packets that indicate an unrecoverable error occurred.
    • Malformed packets—Malformed or short packets that caused the packet handler to discard the frame as unreadable.
    • Unknown packets—Unrecognized packets.

Timeout
    Timeouts that occur during the PPPoE session:
    • PADI—No PADI packets received within the timeout period.
    • PADO—No PADO packets received within the timeout period. (This value is always zero and is not supported.)
    • PADR—No PADR packets received within the timeout period.

Receive Error Counters
    Error counters received during the PPPoE session:
    • PADI—No PADI error counters received during the session.
    • PADO—No PADO error counters received during the session.
    • PADR—No PADR error counters received during the session.
    • PADS—No PADS error counters received during the session.


| Sample Output

show pppoe statistics

user@host> show pppoe statistics

Active PPPoE sessions: 0
  PacketType                Sent    Received
    PADI                    0       0
    PADO                    0       0
    PADR                    0       0
    PADS                    0       0
    PADT                    0       0
    Service name error      0       0
    AC system error         0       0
    Generic error           0       0
    Malformed packets       0       0
    Unknown packets         0       0
  Timeout
    PADI                    0
    PADO                    0
    PADR                    0
  Receive Error Counters
    PADI
    PADO
    PADR
    PADS
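
The following Python parser is an added example, not part of the Juniper documentation. It reads text in the layout of the show pppoe statistics sample output above and reports the error, timeout, and receive error counters from Table 73 that are nonzero. The sample text is constructed, and the function names parse_pppoe_statistics and findings are hypothetical.

```python
import re

# Constructed sample in the layout of the sample output above.
# The counter values are invented for this example.
SAMPLE = """\
Active PPPoE sessions: 1
  PacketType                Sent    Received
    PADI                    3       0
    PADO                    0       1
    PADR                    1       0
    PADS                    0       1
    PADT                    0       0
    Service name error      0       2
    AC system error         0       0
    Generic error           0       0
    Malformed packets       0       4
    Unknown packets         0       0
  Timeout
    PADI                    2
    PADO                    0
    PADR                    0
  Receive Error Counters
    PADI                    0
    PADO                    0
    PADR                    0
    PADS                    0
"""

# Rows of the PacketType section that Table 73 describes as errors.
ERROR_ROWS = ("Service name error", "AC system error", "Generic error",
              "Malformed packets", "Unknown packets")

SECTION_HEADERS = {"Timeout": "timeouts",
                   "Receive Error Counters": "receive_errors"}

ROW = re.compile(r"(.+?)\s+(\d+)(?:\s+(\d+))?$")


def parse_pppoe_statistics(text):
    """Parse the command output into sessions, packets, timeouts, receive_errors."""
    stats = {"active_sessions": None, "packets": {},
             "timeouts": {}, "receive_errors": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"Active PPPoE sessions:\s*(\d+)$", line)
        if m:
            stats["active_sessions"] = int(m.group(1))
            continue
        if line.startswith("PacketType"):
            section = "packets"
            continue
        if line in SECTION_HEADERS:
            section = SECTION_HEADERS[line]
            continue
        m = ROW.match(line)
        if not m or section is None:
            continue  # label without readable counters, or text before any section
        name, first, second = m.group(1), int(m.group(2)), m.group(3)
        if section == "packets":
            if second is not None:  # PacketType rows carry Sent and Received
                stats["packets"][name] = {"sent": first, "received": int(second)}
        elif second is None:        # Timeout and error rows carry one counter
            stats[section][name] = first
    return stats


def findings(stats):
    """List every error, timeout, or receive error counter that is nonzero."""
    out = []
    for row in ERROR_ROWS:
        counts = stats["packets"].get(row)
        if counts and (counts["sent"] or counts["received"]):
            out.append(f"{row}: sent={counts['sent']} received={counts['received']}")
    for kind in ("timeouts", "receive_errors"):
        for name, value in stats[kind].items():
            if value:
                out.append(f"{kind} {name}: {value}")
    return out


if __name__ == "__main__":
    for item in findings(parse_pppoe_statistics(SAMPLE)):
        print(item)
```

Rows whose counters are missing, as in the Receive Error Counters block of the sample output above, are skipped rather than treated as zero.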
| show poe telemetries


Syntax 


show poe telemetries 
<interface interface-name count number> 
<count number interface interface-name> 


Release Information 
Command modified in Junos OS Release 12.3X48-D10. 


Description 
Display a history of power consumption on the specified interface. Telemetries must be enabled on the 
interface before you can display a history of power consumption. 


Options 
• interface interface-name—Display telemetries for the specified PoE interface.
• count number—Display the specified number of telemetries records for the specified PoE interface.


Required Privilege Level 
View 


RELATED DOCUMENTATION 


Example: Configuring PoE on All Interfaces | 306 


Output Fields 
Table 74 on page 995 lists the output fields for the show poe telemetries interface command. Output fields 
are listed in the approximate order in which they appear. 


Table 74: show poe telemetries interface Output Fields

Field name
    Field Description

Sl No
    Number of the record for the specified port. The last record is the most recent.

Timestamp
    Time that the power-consumption data was gathered.

Power
    Amount of power provided by the specified port at the time the data was gathered.

Voltage
    Voltage on the specified port at the time the data was gathered.


| Sample Output

show poe telemetries interface

user@host> show poe telemetries interface ge-0/0/1 count 8

Sl No    Timestamp    Power    Voltage
[Eight records, dated Fri Jan 04 2009; the remaining values are illegible.]

user@host> show poe telemetries count 5 interface ge-0/0/1

Sl No    Timestamp    Power    Voltage
[Five records, dated Jan 04 2009, each with Power 6.6 W; the remaining values are illegible.]
| show services accounting


Syntax 


show services accounting
aggregation
errors
<inline-jflow | inline-jflow fpc-slot slot number>
flow
<inline-jflow | inline-jflow fpc-slot slot number>
flow-detail
memory
packet-size-distribution
status
<inline-jflow | inline-jflow fpc-slot slot number>
usage


Release Information 
Command introduced in Junos OS Release 10.4. The inline-jflow and fpc-slot options are added in Junos 
OS Release 12.1X45-D10. 


Description 


Display sampled accounting service.


Options
• aggregation—Display aggregation information.
• errors—Display error statistics.
  • inline-jflow—Display service accounting inline flow monitoring parameters.
  • fpc-slot slot number—Display Flexible PIC Concentrator (FPC) slot for inline flow monitoring.
• flow—Display flow information.
  • inline-jflow—Display service accounting inline flow monitoring parameters.
  • fpc-slot slot number—Display Flexible PIC Concentrator (FPC) slot for inline flow monitoring.
• flow-detail—Display flow detail.
• memory—Display memory information.
• packet-size-distribution—Display packet size distribution.
• status—Display service accounting parameters.
  • inline-jflow—Display service accounting inline flow monitoring parameters.
  • fpc-slot slot number—Display Flexible PIC Concentrator (FPC) slot for inline flow monitoring.
• usage—Display CPU usage.


Required Privilege Level 


view 


RELATED DOCUMENTATION 


Flow Aggregation to Use Version 9 Flow Templates 


List of Sample Output 

show services accounting status inline-jflow on page 998 
show services accounting errors inline-jflow on page 998 
show service accounting flow inline-jflow on page 999 


Output Fields 


Lists the output fields for the show services accounting command. 


Sample Output

show services accounting status inline-jflow

user@host> show services accounting status inline-jflow

Status information
  FPC Slot: 0
  Export format: IP-FIX (V9)
  IPv4 Route Record Count: 16, IPv6 Route Record Count: 5
  Route Record Count: 21, AS Record Count: 1
  Route-Records Set: Yes, Config Set: Yes

show services accounting errors inline-jflow

user@host> show services accounting errors inline-jflow

Error Information
  FPC Slot: 0
  Flow Creation Failures: 0
  Route Record Lookup Failures: 0
  AS Lookup Failures: 0
  Export Packet Failures: 0
  Memory Overload: No
  IPv4 Flow Creation Failures: 0
  IPv4 Route Record Lookup Failures: 0
  IPv4 AS Lookup Failures: 0
  IPv4 Export Packet Failures: 0
  IPv6 Flow Creation Failures: 0
  IPv6 Route Record Lookup Failures: 0
  IPv6 AS Lookup Failures: 0
  IPv6 Export Packet Failures: 0

show service accounting flow inline-jflow

user@host> show service accounting flow inline-jflow

Flow Information
  FPC Slot: 0
  Flow Packets: 2 Flow Bytes: 0
  Active Flows: 1 Total Flows: 2
  Flows Exported: 0 Flow Packets Exported:
  Flows Inactive Timed Out: 1 Flows Active Timed Out:
  IPv4 Flows:
  IPv4 Flow Packets: 1 IPv4 Flow Bytes:
  IPv4 Active Flows: 1 IPv4 Total Flows:
  IPv4 Flows Exported: 0 IPv4 Flow Packets Exported:
  IPv4 Flows Inactive Timed Out: 0 IPv4 Flows Active Timed Out:
  IPv6 Flows:
  IPv6 Flow Packets: 1 IPv6 Flow Bytes:
  IPv6 Active Flows: 0 IPv6 Total Flows:
  IPv6 Flows Exported: 0 IPv6 Flow Packets Exported:
  IPv6 Flows Inactive Timed Out: 1 IPv6 Flows Active Timed Out:
| show services accounting aggregation (View)


Syntax 


show services accounting aggregation 


Release Information 
Command introduced in Junos OS Release 10.4. 


Description 


Display aggregation information for the accounting service. 

Options

• as—Display aggregation type AS.
• destination-prefix—Display aggregation type destination-prefix.
• protocol-port—Display aggregation type protocol-port.
• source-destination-prefix—Display aggregation type source-destination-prefix.
• source-prefix—Display aggregation type source-prefix.
• template—Display aggregation type template.

Required Privilege Level


view 


RELATED DOCUMENTATION 


Flow Aggregation to Use Version 9 Flow Templates 
| show services accounting aggregation template (View)


Syntax 


show services accounting aggregation template 


Release Information 
Command introduced in Junos OS Release 10.4. 


Description 


Display aggregation type template. 


Options

• detail—Display detailed output.
• extensive—Display extensive output.
• template-name—Display name of the template.
• terse—Display terse output (default).

Required Privilege Level


view 


RELATED DOCUMENTATION 


Flow Aggregation to Use Version 9 Flow Templates 
| show services accounting flow-detail (View)


Syntax 


show services accounting flow-detail 


Release Information 
Command introduced in Junos OS Release 10.4. 


Description 


Display flow detail.

Options

• destination-as—Filter term destination AS.
• destination-port—Filter term destination port.
• destination-prefix—Filter term destination prefix.
• detail—Display detailed output.
• extensive—Display extensive output.
• input-snmp-interface-index—Filter term input SNMP interface index.
• limit—Maximum number of flows to display.
• name—Name of the service, wildcard, or “all”.
• order—Order in which flows are displayed.
• output-snmp-interface-index—Filter term output SNMP interface index.
• proto—Filter term protocol.
• source-as—Filter term source AS.


Required Privilege Level 
view 


RELATED DOCUMENTATION 


Flow Aggregation to Use Version 9 Flow Templates 
| show wlan access-points


Syntax 
Syntax (SRX Series devices) 


show wlan 

<detail> 
<virtual-access-points> 
<client-associations> 
<neighbors> 
<summary> 

<radio> 

<ha> 


Release Information 
Command introduced in Junos OS Release 19.4R1 for SRX Series devices. 
The ha option was introduced in Junos OS Release 20.3R1 for SRX Series devices.


Description 
Display information about wireless and virtual access point WLANs configured on the wireless LAN interface wl-x/0/0.


Options 
detail—(Optional) Display the specified level of output.

virtual-access-points—Display virtual access point (VAP) status and statistics.

client-associations—Display the number of client associations for the specified access point.

neighbors—List neighboring access point information, including the MAC address, WPA, band, channel, and SSID values.

summary—Display the access point configuration summary as output.

radio—Display access point radio information.

ha—Display wireless access point status in HA mode. In HA mode, only one wireless interface is active, and the wireless client can choose the required security method to establish the wireless connection. After a wireless interface failover, the wireless client retries the security process to establish the new wireless connection.

In Wi-Fi mPIM HA mode, there is one WAP mPIM card on each node. The WAP mPIM cards on both nodes have the same WAP configuration, such as SSID, channel, and bandwidth. WAP0 is active on node0 and WAP1 is inactive on node1. Users are connected to WAP0 initially. When WAP0 fails, WAP1 becomes active and the users are connected to WAP1 automatically.

The show wlan access-points ha status command is supported on the primary Routing Engine. This command displays information from the WAP mPIM cards on both nodes.


Required Privilege Level 
view 


RELATED DOCUMENTATION 


Wi-Fi Mini-Physical Interface Module Overview
Configure Wi-Fi Mini-PIM
wlan


List of Sample Output

show wlan access-points (SRX Series devices)
show wlan access-points (SRX Series devices)
show wlan access-points detail (SRX Series devices)
show wlan access-points virtual access-points (SRX Series devices)
show wlan access-points client-associations summary (SRX Series Devices)
show wlan access-points neighbors (SRX Series Devices)
show wlan access-points ha status (SRX Series Devices)


Output Fields
Table 75 lists the output fields for the show wlan access-points command. Output fields are listed in the approximate order in which they appear.


Table 75: show wlan access-points output fields 


Field Name Field Description Level of Output 
Access point Name of the wireless access point. All levels. 

Type Internal. detail 

Location Location of the access point. detail 

Serial Number Serial number of the Mini-PIM. detail 

Firmware Version Firmware version of the Mini-PIM. detail 


Alternate Version Alternate firmware version of the Mini-PIM. detail 
Table 75: show wlan access-points output fields (continued)


Field Name 


Country 


Access Interface 


Packet Capture 


Capture Interface 


Capture File 


Capture Duration 


Capture File Size 


MAC Address 


IPv4 Address 


Mode 


Channel 


VAP 


SSID 


VLAN ID 


Traffic Statistics 


Field Description 


Country code. 


Name of the wireless LAN interface on the Wi-Fi Mini-PIM.


Status of the traffic flow. 


Interface captured on radio. 


Capture file name. 


Duration of capture in seconds. 


File size of capture in kilobytes. 


MAC address of the Ethernet port. 


IPv4 address of the access point. 


Authentication mode on the radio. 


Channel bandwidth on the radio. 


Name of the virtual access point. 


Network name of the virtual access point. 


VLAN ID associated with the access point. 


Number and rate of bytes and packets received and transmitted on the wireless LAN interface.

• Input bytes—Number of bytes received on the wireless LAN interface.
• Output bytes—Number of bytes transmitted on the wireless LAN interface.
• Input packets—Number of packets received on the wireless LAN interface.
• Output packets—Number of packets transmitted on the wireless LAN interface.


Level of Output 


detail 


detail 


detail 


detail 


detail 


detail 


detail 


detail 


detail 


detail 


detail 


neighbors 


detail 


neighbors 


detail 


detail 
Table 75: show wlan access-points output fields (continued)


Field Name Field Description Level of Output 
Client number Client number on Radios 1 and 2. client-associations 
MAC Privacy Client MAC address as per the virtual access. neighbors 

WPA Status of the security authentication method. neighbors 

Band Status of the band. neighbors 


| Sample Output 
show wlan access-points (SRX Series devices) 


user@router> show wlan access-points 


Active access points information 
Access-Point   Type       Interface   Radio-mode/Channel/Bandwidth
bj340d-ha      Internal   wl-2/0/0    Off/Off/Off, Off/Off/Off


show wlan access-points (SRX Series devices) 


user@router> show wlan access-points e09-22-ha-ap 


node0:

Active access point information

Access Point      : e09-22-ha-ap
Type              : Internal
Access Interface  : wl-2/0/0
Packet Capture    : Off
Radio1            : Mode: IEEE 802.11a/n/ac, Channel: 153, Bandwidth: 40
Radio2            : Mode: Off, Channel: Off, Bandwidth: Off


node1:

Active access point information

Access Point      : e09-22-ha-ap
Type              : Internal
Access Interface  : wl-7/0/0
Packet Capture    : Off
Radio1            : Mode: IEEE 802.11a/n/ac, Channel: 153, Bandwidth: 40
Radio2            : Mode: Off, Channel:


show wlan access-points detail (SRX Series devices)


(Ojala me Stellin cl Weleclitell nesta @stanta 


user@router> show wlan access-points bj340d-ha detail 


Active access point detail information

Access Point       : bj340d-ha
Type               : Internal
Location           : Default Location
Serial Number      : EV0519AF0022
Firmware Version   : Wl Bod
Alternate Version  : Wl clk 5t8)
Country            : US
Access Interface   : wl-2/0/0
System Time        : Ha Ocie Sil ieaeiile4@ wwe 2OLY
Packet Capture     : Off
Ethernet Port:
  MAC Address      : Oval orc 7 8 eile Bers Wo 8th 7)
Radio1:
  Status           : Off
  MAC Address      : QS TB aGS ASR HoOs3 9
  Temperature      : 0
  Mode             : Off
  Channel          : Off
  Bandwidth        : Off
  Transmit Power   : Off
Radio2:
  Status           : Off
  MAC Address      : QA gi / Pele BOs Vlog 13}
  Temperature      : 0
  Mode             : Off
  Channel          : Off
  Bandwidth        : Off
  Transmit Power   : Off
show wlan access-points virtual access-points (SRX Series devices)


user@host> show wlan access-points bj340d-ha virtual-access-points 


Virtual access points information 


Access Point 


Radiol: 


Radio2: 


b3j340d-ha 


VAPO: 

Sid 

MAC Address 

VLAN ID 

WALES SicPiessic Les 
Input Bytes 

Output Bytes 

Input Packets 
Output Packets 


WIND IL 2 

‘Some 

MAC Address 

VLAN ID 

eat treusitzawisices 
Iinyeiwie, lshyvices 

Output Bytes 

Input Packets 
Output Packets 


VAPOR 

SSID 

MAC Address 

VLAN ID 

Traffic Statistics 
Isic IW eSs) 

Output Bytes 

Input Packets 
Output Packets 


AVe-N =e es 

‘Sis 

MAC Address 

VLAN ID 

WALES SicSPicasic Les 
IMSwNe IS Aces} 

Output Bytes 


juniper_ap_0 
ONO al eA 8 Shche Aid ois) 
G 


SIDVIISO 
94731324 
ALO) S37 
298451 


juniper_ap_3 
WOeililgAaee ssead sss 
LS) 


83421130 
BALA AL Syl AL 
FLOSS 7 
238451 


juniper_ap_7 
(0)(0) Qa oA Risis) ell 27/5) 
5 


STOVQSSS 
Save 2e zal 
415737 
308451 


juniper_ap_3 
00:11:22:33:44:78 
49 


SIDI IIR 
54231321 


Input Packets g Bilas 7 
Output Packets g POLLS iL 


show wlan access-points client-associations summary (SRX Series Devices)


user@host> show wlan access-points bj340d-ha client associations summary 


Access point client associations summary 


Access point : bj340d-ha 
Client number on radio 1 (5.0 GHz) g 80) 
Client number on radio 2 (2.4 GHz) ei 
Total client number on access point : 50 


show wlan access-points neighbors (SRX Series Devices) 


user@host> show wlan access-points bj340d-ha neighbors 


Access point neighbors information 


Access point : bj340d-ha

MAC Privacy WPA Band Channel 
OWOs ld s2zesisgdiale hs Off (ONE SE 24 10 
OOgLAszZs3ass Sos G7 On On iB) 100 


show wlan access-points ha status (SRX Series Devices)


user@host> show wlan access-points ha status


Access-point    Interface   SSID      HA-status
e09-22-ha-ap    wl-2/0/0    xyz-ap    Inactive
e09-22-ha-ap    wl-7/0/0    abc-ap    Active
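

The HA rule described for the ha option (only one wireless interface is active per access point) can be checked against saved show wlan access-points ha status output. The Python below is an added example, not Juniper code: the four-column layout, SSIDs without spaces, and the function names are assumptions, and the sample text is constructed.

```python
"""Flag access points whose HA status does not show exactly one active interface."""
from collections import defaultdict

# Constructed sample in the four-column layout of the HA status output.
SAMPLE = """\
user@host> show wlan access-points ha status

Access-point    Interface   SSID      HA-status
e09-22-ha-ap    wl-2/0/0    xyz-ap    Inactive
e09-22-ha-ap    wl-7/0/0    abc-ap    Active
"""


def parse_ha_status(text):
    """Return one dict per data row; the prompt, header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly four columns and a wl-x/0/0 interface name.
        if len(fields) != 4 or not fields[1].startswith("wl-"):
            continue
        name, interface, ssid, status = fields
        rows.append({"ap": name, "interface": interface,
                     "ssid": ssid, "status": status.lower()})
    return rows


def check_single_active(rows):
    """Map access point name to a finding when it lacks exactly one active interface."""
    active = defaultdict(list)
    seen = set()
    for row in rows:
        seen.add(row["ap"])
        if row["status"] == "active":
            active[row["ap"]].append(row["interface"])
    findings = {}
    for ap in sorted(seen):
        count = len(active[ap])
        if count == 0:
            findings[ap] = "no active wireless interface"
        elif count > 1:
            findings[ap] = "multiple active interfaces: " + ", ".join(active[ap])
    return findings


if __name__ == "__main__":
    print(check_single_active(parse_ha_status(SAMPLE)) or "HA state consistent")
```

An empty result means each access point has one active interface; a finding after a failover test points at a node whose WAP mPIM did not take over or did not stand down.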
| speed (Chassis Cluster)


Syntax 


set chassis cluster control-port speed (1g | 10g);


Release Information 
Statement introduced in Junos OS Release 18.1R1 for SRX4600. 


Description 

The SRX4600 supports three different PIC types—8-port 10-Gigabit Ethernet PIC, 4-port 40-Gigabit or 
100-Gigabit Ethernet PIC, and 4-port 10-Gigabit Ethernet PIC (in a chassis cluster). Out of the four ports 
on the 10-Gigabit Ethernet PIC in a chassis cluster, two ports are fabric ports and the other two ports are 
chassis cluster control ports. The two fabric ports do not support 1-Gbps speed. Only the two control 
ports of the chassis cluster support a port speed of 1 Gbps. 


On chassis cluster control interfaces, you can configure the operating speed of the 4-port 10-Gigabit 
Ethernet PIC from default 10-Gbps port speed to 1-Gbps port speed. You must reboot the device for the 
changed configuration to take effect. 


The chassis cluster control interfaces do not support multiple speeds.

The following optics are supported on the SRX4600:

• SRX-SFP-1GE-LX
• SRX-SFP-1GE-LX-ET
• SRX-SFP-1GE-SX
• SRX-SFP-1GE-SX-ET


Autonegotiation is automatically disabled when 1-Gbps speed is configured on the interfaces. 


NOTE:
• The interface name for any xe interface remains the same after converting its speed from 10G to 1G.
• To view the speed configured for the interface, execute the show interfaces extensive command. The Speed Configuration field's value of 1G or AUTO in the command output indicates whether the current operation speed of the interface is 1 Gbps or the default 10 Gbps, respectively.


Options
• 1g — Link speed of 1 Gbps
• 10g — Link speed of 10 Gbps


Required Privilege Level 
interface—To view this statement in the configuration. 
interface-control—To add this statement to the configuration. 


RELATED DOCUMENTATION 


speed (Gigabit Ethernet interface)


